
Exploit for Bazarr < 1.4.3 - Arbitrary File Read (CVE-2024-40348)

Description:

Bazarr 1.4.3 and earlier versions have an arbitrary file read vulnerability.

Nuclei Template

View the template here: CVE-2024-40348.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-40348.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-40348
https://www.bazarr.media/
https://github.com/4rdr/proofs/blob/main/info/Bazaar_1.4.3_File_Traversal_via_Filename.md
https://github.com/bigb0x/CVE-2024-40348