cbcvebase.
CVE-2023-37474
published 2023-07-14

CVE-2023-37474: Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal…

PriorityP271high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
42.83%
98.5th percentile
Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected

3 ranges
VendorProductVersion rangeFixed in
9001copyparty< 1.8.21.8.2
9001copyparty>= 0 < 1.8.21.8.2
9001copyparty>= 0 < 043e3c7dd683113e2b1c15cacb9c8e68f76513ff043e3c7dd683113e2b1c15cacb9c8e68f76513ff

Detection & IOCsextracted from sources · hover to see the quote

path/.cpr/%2Fetc%2Fpasswd
path/.cpr/
url{{BaseURL}}/.cpr/%2Fetc%2Fpasswd
  • Look for HTTP GET requests targeting the `.cpr` subfolder with URL-encoded path traversal sequences (e.g., %2F) in the request path, which indicates exploitation of CVE-2023-37474.
  • A successful exploit response will return HTTP 200 with content matching the pattern `root:[x*]:0:0`, indicating /etc/passwd was read from the server.
  • Use Shodan or FOFA to identify exposed Copyparty instances via their page title for proactive asset discovery.
  • The vulnerability is unauthenticated (PR:N) and network-exploitable (AV:N), so no credentials are required to exploit it.
  • ·The vulnerability affects Copyparty versions strictly prior to 1.8.2; the fix was introduced in commit 043e3c7d included in release 1.8.2.
  • ·There are no known workarounds; upgrading to 1.8.2 or later is the only remediation.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.