Back to KEVs

CVE-2023-39026

Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive...

Basic Information

CVE State
PUBLISHED
Reserved Date
July 25, 2023
Published Date
August 22, 2023
Last Updated
October 03, 2024
Vendor
n/a
Product
n/a
Description
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.

CVSS Scores

EPSS Score

Score
88.64% (Percentile: 99.46%) as of 2025-04-29

SSVC Information

Exploitation
poc
Automatable
Yes
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (added 2025-04-27 00:00:00 UTC) Source

References

https://www.filemage.io/docs/updates.html#change-log https://raindayzz.com/technicalblog/2023/08/20/FileMage-Vulnerability.html http://packetstormsecurity.com/files/174491/FileMage-Gateway-1.10.9-Local-File-Inclusion.html

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-04-27 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-39026.yaml 2025-04-26 00:00:00 UTC