.. / CVE-2021-33807

Exploit for Cartadis Gespage 8.2.1 - Directory Traversal (CVE-2021-33807)

Description:

Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.

Nuclei Template

View the template here CVE-2021-33807.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-33807.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-33807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33807
https://www.gespage.com/cartadis-db/
https://support.gespage.com/fr/support/solutions/articles/14000130201-security-advisory-gespage-directory-traversal
https://www.cartadis.com/gespage-website/
https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_gespage_-_cve-2021-33807.pdf