CVE-2023-31059
published 2023-04-24CVE-2023-31059: Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.
PriorityP179high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
5.57%
91.9th percentile
Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| repetier-server | repetier-server | <= 1.4.10 | — |
Detection & IOCsextracted from sources · hover to see the quote
url{{BaseURL}}/views..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cProgramData%5cRepetier-Server%5cdatabase%5cuser.sql%20/base/connectionLost.php
pathProgramData\Repetier-Server\database\user.sql
filenameconnectionLost.php
- →Detect directory traversal attempts against Repetier Server by looking for '..%5c' sequences in HTTP GET request paths, particularly targeting the /views path prefix. ↗
- →Match HTTP 200 responses whose body begins with the SQLite magic bytes (53514C69746520666F726D617420 3300) to confirm successful credential file exfiltration via traversal.
- →Use Shodan/FOFA queries 'title:"Repetier-Server"' or 'title="Repetier-Server"' to identify exposed instances for proactive scanning.
- →Flag HTTP GET requests where the URL path contains the pattern '/views..%5c' followed by repeated '..%5c' traversal sequences as exploitation attempts for CVE-2023-31059.
- ·Repetier Server runs as SYSTEM on Windows; successful exploitation of this directory traversal (CVE-2023-31059) chained with CVE-2023-31060 results in full system compromise, not just credential disclosure. ↗
- ·The traversal payload targets a Windows path (ProgramData); detection rules should account for URL-encoded backslashes (%5c) rather than forward slashes, as this is Windows-specific.
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f4r6-mhq5-395w: Repetier Server through 1
ghsa_unreviewed·2023-04-24·CVSS 7.5
CVE-2023-31060 [HIGH] GHSA-f4r6-mhq5-395w: Repetier Server through 1
Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise.
GHSA
GHSA-vqjx-gc4r-4cxp: Repetier Server through 1
ghsa_unreviewed·2023-04-24
CVE-2023-31059 [HIGH] CWE-22 GHSA-vqjx-gc4r-4cxp: Repetier Server through 1
Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.
VulnCheck
repetier-server repetier-server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2023·CVSS 7.5
CVE-2023-31059 [HIGH] repetier-server repetier-server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
repetier-server repetier-server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.
Affected: repetier-server repetier-server
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-01-13&host_type=src&vulnerability=cve-2023-31059; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-01-14&host_type=src&vulnerability=cve-2023-31059; https://dashboard.shadowserver.org/statistics/hon
No detection rules found.
Nuclei
Repetier Server - Directory Traversal
nuclei·CVSS 7.5
CVE-2023-31059 [HIGH] Repetier Server - Directory Traversal
Repetier Server - Directory Traversal
Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.
Template:
id: CVE-2023-31059
info:
name: Repetier Server - Directory Traversal
author: parthmalhotra,pdresearch
severity: high
description: |
Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.
impact: |
An attacker can read, modify, or delete arbitrary files on the server, potentially leading to unauthorized access, data leakage, or system compromise.
remediation: |
Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in Repetier Server.
reference:
-
2023-04-24
Published
Exploited in the wild