CVE-2019-13343: CVE-2019-13343

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-13343

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not properly sanitize user input on the theme t parameter before reusing it in a path. This path is then used without validation to fetch a file and return its raw content to the user via the /wl?t=../../...&h= substring followed by a filename.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Butor Portal 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Butor Portal是一套使用在Butor Framework中的Butor门户。 Butor Portal 1.0.27之前版本中存在路径遍历漏洞。攻击者可借助特制URL请求利用该漏洞在系统上下载任意文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2019-13343

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-13343

Please Login to view more intelligence information

https://bitbucket.org/butor-team/portal/src/cd7055d33e194fcf530100ee1d8d13aa9cde230b/src/main/java/com/butor/portal/web/servlet/WhiteLabelingServlet.java?at=masterx_refsource_CONFIRM
https://bitbucket.org/account/user/butor-team/projects/PROJx_refsource_MISC
https://bitbucket.org/butor-team/portal/commits/cd7055d33e194fcf530100ee1d8d13aa9cde230bx_refsource_MISC
https://www.gosecure.net/blog/2019/09/30/butor-portal-arbitrary-file-download-vulnerability-cve-2019-13343x_refsource_MISC
https://bitbucket.org/butor-team/portal/commits/allx_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2019-13343

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2019-13343

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2019-13343

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-13343

III. Intelligence Information for CVE-2019-13343

New Vulnerabilities

V. Comments for CVE-2019-13343

Leave a comment