CVE-2024-51483
changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the...
CVE-2024-51483 changedetection.io Path Traversal vulnerability
changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the...
changedetection.io security vulnerability
changedetection.io is a website change detection, monitoring, and notification application from the individual developers at dgtlmoon. A security vulnerability exists in changedetection.io versions prior to 0.47.5, which stems from a flaw in the restriction of local file access that could result ...
PT-2024-34647 · Unknown · Changedetection.Io
Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.47.5
Description: The issue allows retrieval of local system files when a WebDriver is used to fetch files, by utilizing source:file:///etc/passwd, which bypasses the block on traditional...
CVE-2022-23857
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table which contains sensitive information such as the users...
CVE-2022-23857
Navidrome (before 0.47.5) is affected by CVE-2022-23857 due to an SQL injection in model/criteria/criteria.go when processing crafted Smart Playlists. An authenticated user could exploit this to extract arbitrary data from the database, including the user table containing encrypted passwords. The...
Navidrome SQL injection vulnerability
Navidrome is a web-based open source music collection server and streamer, used to freely listen to music collections from any browser or mobile device. A SQL injection vulnerability exists in versions of Navidrome prior to 0.47.5, which stems from a lack of validation of externally entered SQL...