4 matches found
WhoDB < 0.45.0 - Path Traversal
WhoDB contains a path traversal caused by lack of validation when opening database files, letting unauthenticated attackers access arbitrary Sqlite3 databases on the host system, exploit requires attacker to manipulate database filename input. id: CVE-2025-24786 info: name: WhoDB 0.45.0 - Path...
CVE-2025-24786
WhoDB (CVE-2025-24786) contains a path-traversal vulnerability in the SQLite3 access logic. The app exposes databases that may be opened via a user-supplied filename, constructing a path with a default directory (/db or ./tmp in dev) and using .Join() without validating that the path stays within...
CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...
CVE-2025-24786
creationtimestamp| type| source ---|---|--- 2025-02-06 18:32:11+00:00| published-proof-of-concept| https://github.com/clidey/whodb/security/advisories/GHSA-9r4c-jwx3-3j76 2025-02-06 18:43:44+00:00| seen| https://infosec.exchange/users/cve/statuses/113958415485426001 2025-02-06 19:15:42+00:00| see...