CVEFinder.io

CVE-2023-37781

đŸ”ļ medium
🔍 Scan for this CVE
Summary

An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file.

CVSS Score
6.5
Medium
EPSS Score
0.5
Exploit Probability
Published Date
2023-07-17
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 47.8% of all 329,778 vulnerabilities in our database.

#172,206
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Oct 30, 2024
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE IDs (Weakness Types)
CWE-22

đŸ“Ļ Affected Products 1

Vendor Product Status Affected Versions
emqx emqx Affected
v4.3.8

🔗 References 1

https://github.com/emqx/emqx/issues/10419
Exploit Issue Tracking Vendor Advisory

🔗 Related CVEs 3

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-8741 ℹī¸ low 3.1 0.1 A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_pers... 2026-05-17
CVE-2025-52136 ℹī¸ low 3.0 0.0 In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supp... 2025-08-10
CVE-2021-46434 đŸ”ļ medium 5.3 0.2 EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the appl... 2022-03-28
These CVEs affect the same products