First published: Wed Apr 19 2023(Updated: )
Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Codesector Teracopy | =3.9.7 | |
=3.9.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-29586.
The severity of CVE-2023-29586 is medium with a CVSS score of 6.5.
The affected software is Code Sector TeraCopy version 3.9.7.
This vulnerability allows any user to copy any directory in the system to a directory they control, leading to Arbitrary File Read.
Yes, you can find more information about CVE-2023-29586 at the following references: [Reference 1](https://packetstormsecurity.com/files/143984/TeraCopyService-3.1-Unquoted-Service-Path-Privilege-Escalation.html), [Reference 2](https://securityandstuff.com/posts/teracopy_arbitrary_read/).