Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-13343

Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not properly sanitize user input on the theme t parameter before reusing it in a path. This path is then used without validation to fetch a file and return its raw content to the user via the /wl?t=../../...&h= substring followed by a filename.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.0%
CVSS Severity
CVSS v3 Score 9.9
CVSS v2 Score 5.0
References
Products affected by CVE-2019-13343
  • Butor » Portal » Version: N/A
    cpe:2.3:a:butor:portal:-
  • Butor » Portal » Version: 1.0.12
    cpe:2.3:a:butor:portal:1.0.12
  • Butor » Portal » Version: 1.0.13
    cpe:2.3:a:butor:portal:1.0.13
  • Butor » Portal » Version: 1.0.14
    cpe:2.3:a:butor:portal:1.0.14
  • Butor » Portal » Version: 1.0.15
    cpe:2.3:a:butor:portal:1.0.15
  • Butor » Portal » Version: 1.0.16
    cpe:2.3:a:butor:portal:1.0.16
  • Butor » Portal » Version: 1.0.17
    cpe:2.3:a:butor:portal:1.0.17
  • Butor » Portal » Version: 1.0.18
    cpe:2.3:a:butor:portal:1.0.18
  • Butor » Portal » Version: 1.0.19
    cpe:2.3:a:butor:portal:1.0.19
  • Butor » Portal » Version: 1.0.20
    cpe:2.3:a:butor:portal:1.0.20
  • Butor » Portal » Version: 1.0.21
    cpe:2.3:a:butor:portal:1.0.21
  • Butor » Portal » Version: 1.0.22
    cpe:2.3:a:butor:portal:1.0.22
  • Butor » Portal » Version: 1.0.23
    cpe:2.3:a:butor:portal:1.0.23
  • Butor » Portal » Version: 1.0.24
    cpe:2.3:a:butor:portal:1.0.24
  • Butor » Portal » Version: 1.0.25
    cpe:2.3:a:butor:portal:1.0.25
  • Butor » Portal » Version: 1.0.26
    cpe:2.3:a:butor:portal:1.0.26
  • Butor » Portal » Version: 1.0.3
    cpe:2.3:a:butor:portal:1.0.3
  • Butor » Portal » Version: 1.0.5
    cpe:2.3:a:butor:portal:1.0.5
  • Butor » Portal » Version: 1.0.6
    cpe:2.3:a:butor:portal:1.0.6
  • Butor » Portal » Version: 1.0.7
    cpe:2.3:a:butor:portal:1.0.7
  • Butor » Portal » Version: 1.0.9
    cpe:2.3:a:butor:portal:1.0.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved