ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath
endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath
, which is not sanitized in any way before being passed to System.IO.File.OpenRead
, which results in an arbitrary file read.
View the template here CVE-2023-43662.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-43662