Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1430

CWE-22Path Traversal4 documents4 sources
Severity
5.0MEDIUM
EPSS
3.6%
top 12.25%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Epic Games Unreal Engine
Timeline
PublishedDec 31
Latest updateApr 29

Description

Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDepic_games/unreal_engine226f, 433, 436+2

🔴Vulnerability Details

2
GHSA
GHSA-5w64-w3wc-5m39: Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a "2022-04-29
CVEList
CVE-2003-1430: Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a "2007-10-23

💥Exploits & PoCs

1
Exploit-DB
Epic Games Unreal Engine 436 - URL Directory Traversal2003-02-05
CVE-2003-1430 (MEDIUM CVSS 5) | Directory traversal vulnerability i | cvebase.io