.. / CVE-2023-26469

Exploit for Jorani 1.0.0 - Remote Code Execution (CVE-2023-26469)

Description:

Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.

Nuclei Template

View the template here CVE-2023-26469.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-26469.yaml
Copy

References:

https://jorani.org/security-features-in-lms.html
http://packetstormsecurity.com/files/174248/Jorani-Remote-Code-Execution.html
https://github.com/advisories/GHSA-7r9h-9r47-7vjj
https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/CVE_Jorani.py
https://nvd.nist.gov/vuln/detail/CVE-2023-26469