Back to KEVs

CVE-2023-39026

Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive...

Basic Information

CVE State
PUBLISHED
Reserved Date
July 25, 2023
Published Date
August 22, 2023
Last Updated
October 03, 2024
Vendor
n/a
Product
n/a
Description
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.
Tags
windows nuclei_scanner

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Score
88.64% (Percentile: 99.47%) as of 2025-05-25

SSVC Information

Exploitation
poc
Automatable
Yes
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2025-04-27 00:00:00 UTC) Source

References

https://www.filemage.io/docs/updates.html#change-log https://raindayzz.com/technicalblog/2023/08/20/FileMage-Vulnerability.html http://packetstormsecurity.com/files/174491/FileMage-Gateway-1.10.9-Local-File-Inclusion.html

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-04-27 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-39026.yaml 2025-04-26 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Added to KEVIntel