.. / CVE-2023-5830

Exploit for ColumbiaSoft DocumentLocator - Improper Authentication (CVE-2023-5830)

Description:

Instances of ColumbiaSoft’s Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.

Nuclei Template

View the template here CVE-2023-5830.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-5830.yaml
Copy

References:

https://github.com/advisories/GHSA-j89v-wm7x-4434
https://vuldb.com/?ctiid.243729
https://vuldb.com/?id.243729
https://nvd.nist.gov/vuln/detail/CVE-2023-5830