Exopteron/BiblioRCE

Releases0

Stars14

CVE-2023-29478 - BiblioCraft File Manipulation/Remote Code Execution exploit affecting BiblioCraft versions prior to v2.4.6

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-29478 ↗	Apr 7, 2023Friday, 7 April 2023, 04:15	9.8 CRITICAL	—
BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution.