Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 2:33 a.m.7 views

CVE-2025-24886

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...

7.7CVSS6.7AI score0.00455EPSS
Exploits0References1
NVD
NVD
added 2025/01/30 11:15 p.m.28 views

CVE-2025-24886

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...

7.7CVSS0.00455EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/30 10:40 p.m.10 views

CVE-2025-24886 pwn.college has Symlink LFI in Dojo repos

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...

7.7CVSS7.6AI score0.00455EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/30 10:40 p.m.23 views

CVE-2025-24886 pwn.college has Symlink LFI in Dojo repos

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...

7.7CVSS0.00455EPSS
Exploits0References1
OSV
OSV
added 2025/01/30 10:40 p.m.2 views

CVE-2025-24886 pwn.college has Symlink LFI in Dojo repos

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...

7.7CVSS6.7AI score0.00455EPSS
Exploits0References1
CVE
CVE
added 2025/01/30 10:40 p.m.59 views

CVE-2025-24886

CVE-2025-24886 involves pwn.college’s Dojo tooling where incorrect symbolic link checks on user-specified dojos allow an LFI from the CTFd container without admin privileges. A malicious user can craft a repository containing symlinks to sensitive files and retrieve them via the CTFd website when...

7.7CVSS7.6AI score0.00455EPSS
Exploits0References1
Rows per page
Query Builder