← back
CVE-2023-24217

CVE-2023-24217

CVSS 8.8 HIGHEPSS 4.5%CWE-98
In short

AgileBio Electronic Lab Notebook v4.234 allows attackers to access files on the server that shouldn't be publicly available. This vulnerability could expose sensitive data like configuration files or internal documents.

Technical detail

A local file inclusion (LFI) vulnerability in AgileBio Electronic Lab Notebook v4.234 allows an unauthenticated or low-privileged attacker to read arbitrary files from the server filesystem through improper input validation. The attack vector is typically via malicious file path parameters, potentially exposing sensitive configuration files, credentials, or application source code.

Summary generated and translated by AI from the official description.
AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/171252/Agilebio-Lab-Collector-4.234-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51307unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/171252/Agilebio-Lab-Collector-4.234-Remote-Code-Execution.htmlhttps://labcollector.com/labcollector-lims/add-ons/eln-electronic-lab-notebook/