{"vulnerability": "cve-2023-25804", "sightings": [{"uuid": "44ec75e8-e645-472f-bda5-0a6a31ae268a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25804", "type": "seen", "source": "https://t.me/cibsecurity/60074", "content": "\u203c CVE-2023-25804 \u203c\n\nRoxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the `/tmp` folder using a payload `../../../../../tmp/test111_dev`. This issue has been fixed in version 6.3.5.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T21:29:58.000000Z"}]}