CVE-2018-16493
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-16493
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过目录枚举导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
static-resource-server 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
static-resource-server是一款静态服务器。 static-resource-server 1.7.2版本中存在路径遍历漏洞,该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞访问受限目录之外的位置。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HackerOne | static-resource-server | 1.7.2 | - |
II. Public POCs for CVE-2018-16493
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-16493
请登录查看更多情报信息。
Same Patch Batch · HackerOne · 2019-02-01 · 14 CVEs total
| CVE-2018-16479 | http-live-simulator 路径遍历漏洞 | |
| CVE-2018-16480 | public module 跨站脚本漏洞 | |
| CVE-2018-16481 | html-page 跨站脚本漏洞 | |
| CVE-2018-16482 | node module mcstatic 路径遍历漏洞 | |
| CVE-2018-16483 | express-cart 访问控制错误漏洞 | |
| CVE-2018-16484 | m-server 跨站脚本漏洞 | |
| CVE-2018-16485 | m-server 路径遍历漏洞 | |
| CVE-2018-16486 | defaults-deep 注入漏洞 | |
| CVE-2018-16487 | lodash 资源管理错误漏洞 | |
| CVE-2018-16489 | just-extend 注入漏洞 | |
| CVE-2018-16490 | mpath module 注入漏洞 | |
| CVE-2018-16491 | node.extend 注入漏洞 | |
| CVE-2018-16492 | extend module 注入漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-548
- CVE-2023-38265
Improper Access Control and Exposure of Information Through - CVE-2020-36921
RED-V Super Digital Signage System 5.1.1 Log Information Dis - CVE-2022-50788
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Information Disclosure v - CVE-2021-47718
OpenBMCS Directory Listing Information Disclosure - CVE-2024-56464
IBM QRadar SIEM is affected by an information disclosure vul
V. Comments for CVE-2018-16493
No comments yet