CVE-2023-39141
published 2023-08-22

CVE-2023-39141: webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.

Priority: P3 · 53 · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 3.05% (85.9th percentile)

Detection & IOCs (extracted from sources)

path: /../../../../etc/passwd
yara: contains(body_1, "Aria2 WebUI") AND regex("root:x:0:0:", body_2)
  • Fingerprint vulnerable Aria2 WebUI instances by checking for 'Aria2 WebUI' in the base URL response body, then attempt path traversal to /../../../../etc/passwd and match 'root:x:0:0:' in the response.
  • Search for exposed Aria2 WebUI instances using Shodan query: title:"Aria2 WebUI" or http.title:"aria2 webui"; FOFA: title="aria2 webui"; Google: intitle:"aria2 webui".
  • The vulnerability exists in the node-server.js file of webui-aria2 at commit 4fe2e; review path handling logic at node-server.js line 10.
  • The path traversal payload uses relative traversal sequences (../../../../etc/passwd); depth may need adjustment depending on server working directory depth.
  • Exploitation requires no authentication (PR:N, UI:N per CVSS), making this vulnerability trivially exploitable against any exposed instance.
  • High EPSS score (0.85587, 99.37th percentile) indicates this CVE is very likely being actively exploited in the wild.
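
When reviewing path handling in a Node static-file server such as the `node-server.js` noted above, the thing to look for is a containment check after the request path is resolved. The following is an added example, not code from webui-aria2 or from this page; `naiveJoin`, `resolveRequestPath` and the `/srv/webui/docs` root are assumptions made for illustration.

```javascript
// Added example: hypothetical static-file path handling, not webui-aria2 code.
const path = require("path").posix; // POSIX rules so results match on any OS

const DOC_ROOT = "/srv/webui/docs"; // assumed document root

// Unsafe pattern (assumed for illustration): join normalizes "../" segments
// and nothing checks that the result is still under the root.
function naiveJoin(root, urlPath) {
  return path.join(root, urlPath);
}

// Hardened form: decode once, reject malformed input, resolve, then verify
// that the final path is the root itself or a descendant of it.
function resolveRequestPath(root, rawUrlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawUrlPath.split("?")[0]);
  } catch (err) {
    return { ok: false, reason: "malformed percent-encoding" };
  }
  if (decoded.includes("\0")) return { ok: false, reason: "NUL byte in path" };
  const base = path.resolve(root);
  const file = path.resolve(base, "./" + decoded);
  // Compare against base + "/" so a sibling such as /srv/webui/docs-old
  // does not pass a bare prefix test.
  if (file !== base && !file.startsWith(base + "/")) {
    return { ok: false, reason: "path escapes document root" };
  }
  return { ok: true, file };
}

// Constructed sample request paths.
const samples = ["/index.html", "/js/../index.html", "/../../../../etc/passwd",
  "/%2e%2e/%2e%2e/%2e%2e/etc/passwd", "/%zz", "/../docs-old/x"];
for (const p of samples) {
  console.log(p, "| naive:", naiveJoin(DOC_ROOT, p),
    "| checked:", JSON.stringify(resolveRequestPath(DOC_ROOT, p)));
}
```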