Lucene search
K

4 matches found

Nuclei
Nuclei
added 13 hours ago10 views

WhoDB < 0.45.0 - Path Traversal

WhoDB contains a path traversal caused by lack of validation when opening database files, letting unauthenticated attackers access arbitrary Sqlite3 databases on the host system, exploit requires attacker to manipulate database filename input. id: CVE-2025-24786 info: name: WhoDB 0.45.0 - Path...

10CVSS7.2AI score0.02652EPSS
Exploits1References3
CVE
CVE
added 2025/02/06 6:41 p.m.119 views

CVE-2025-24786

WhoDB (CVE-2025-24786) contains a path-traversal vulnerability in the SQLite3 access logic. The app exposes databases that may be opened via a user-supplied filename, constructing a path with a default directory (/db or ./tmp in dev) and using .Join() without validating that the path stays within...

10CVSS9.5AI score0.02652EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/02/06 6:41 p.m.24 views

CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

10CVSS0.02652EPSS
Exploits1References3
Circl
Circl
added 2025/02/06 6:32 p.m.6 views

CVE-2025-24786

creationtimestamp| type| source ---|---|--- 2025-02-06 18:32:11+00:00| published-proof-of-concept| https://github.com/clidey/whodb/security/advisories/GHSA-9r4c-jwx3-3j76 2025-02-06 18:43:44+00:00| seen| https://infosec.exchange/users/cve/statuses/113958415485426001 2025-02-06 19:15:42+00:00| see...

10CVSS7.2AI score0.02652EPSS
Exploits1References12
Rows per page
Query Builder