Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-40160

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-18 Mar, 2024 | 00:32
Updated At-24 Mar, 2025 | 21:06
Rejected At-
Credits

Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:18 Mar, 2024 | 00:32
Updated At:24 Mar, 2025 | 21:06
Rejected At:
▼CVE Numbering Authority (CNA)

Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server.

Affected Products
Vendor
AKI SoftwareA.K.I Software
Product
pmmls.exe
Versions
Affected
  • 2.5.1.561 and earlier
Problem Types
TypeCWE IDDescription
textN/ADirectory traversal
Type: text
CWE ID: N/A
Description: Directory traversal
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://akisoftware.com/Vulnerability202301.html
N/A
https://jvn.jp/en/jp/JVN92720882/
N/A
Hyperlink: https://akisoftware.com/Vulnerability202301.html
Resource: N/A
Hyperlink: https://jvn.jp/en/jp/JVN92720882/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://akisoftware.com/Vulnerability202301.html
x_transferred
https://jvn.jp/en/jp/JVN92720882/
x_transferred
Hyperlink: https://akisoftware.com/Vulnerability202301.html
Resource:
x_transferred
Hyperlink: https://jvn.jp/en/jp/JVN92720882/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:18 Mar, 2024 | 01:15
Updated At:24 Mar, 2025 | 21:15

Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-22Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-22
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://akisoftware.com/Vulnerability202301.htmlvultures@jpcert.or.jp
N/A
https://jvn.jp/en/jp/JVN92720882/vultures@jpcert.or.jp
N/A
https://akisoftware.com/Vulnerability202301.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://jvn.jp/en/jp/JVN92720882/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://akisoftware.com/Vulnerability202301.html
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: https://jvn.jp/en/jp/JVN92720882/
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: https://akisoftware.com/Vulnerability202301.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://jvn.jp/en/jp/JVN92720882/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2026-22877
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-3.7||LOW
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 01:01
Updated-27 Feb, 2026 | 23:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro Path Traversal

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack.

Action-Not Available
Vendor-copelandCopeland
Product-xweb_500d_proxweb_300d_proxweb_500b_proxweb_500d_pro_firmwarexweb_300d_pro_firmwarexweb_500b_pro_firmwareCopeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-42408
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.80% / 73.76%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 17:27
Updated-29 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dorsett Controls InfoScan Path Traversal

The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure.

Action-Not Available
Vendor-dorsettcontrolsDorsett Controlsdorsettcontrols
Product-infoscanInfoScaninfoscan
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-32943
Matching Score-4
Assigner-JFrog
ShareView Details
Matching Score-4
Assigner-JFrog
CVSS Score-3.7||LOW
EPSS-0.08% / 23.73%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 10:24
Updated-10 Oct, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PeerTube HLS Video Files Path Traversal

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint.

Action-Not Available
Vendor-framasoft
Product-peertube
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-24406
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-3.7||LOW
EPSS-0.29% / 52.41%
||
7 Day CHG~0.00%
Published-09 Nov, 2020 | 00:39
Updated-17 Sep, 2024 | 01:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Document root path disclosure on Maintenance page

When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify other exploitable vulnerabilities in the environment.

Action-Not Available
Vendor-magentoAdobe Inc.
Product-magentoMagento Commerce
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-5142
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.7||LOW
EPSS-0.32% / 54.19%
||
7 Day CHG~0.00%
Published-24 Sep, 2023 | 22:00
Updated-02 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C ER6300G2 Config File userLogin.asp path traversal

A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-er2200g2_firmwareer5200g2gr-1200wer2100n_firmwaregr-3200_firmwaregr-8300er3260g2_firmwareer3260g2gr-1200w_firmwareer3200g2gr-2200_firmwareer5100g2_firmwareer2200g2gr-1108-pgr-1800ax_firmwaregr-5200_firmwaregr-1100-p_firmwaregr-8300_firmwareer5200g2_firmwaregr-2200er5100g2er6300g2er6300g2_firmwareer2100ngr-5200gr-1100-per3200g2_firmwaregr-1108-p_firmwaregr-1800axgr-3200GR-1800AXER2100nGR-8300ER3200G2ER5100G2GR-3200ER6300G2GR-1200WER3260G2ER2200G2GR-1108-PER5200G2GR-1100-PGR-2200GR-5200
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Details not found