6 matches found
CVE-2025-24886
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...
CVE-2025-24886
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...
CVE-2025-24886 pwn.college has Symlink LFI in Dojo repos
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...
CVE-2025-24886 pwn.college has Symlink LFI in Dojo repos
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...
CVE-2025-24886 pwn.college has Symlink LFI in Dojo repos
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...
CVE-2025-24886
CVE-2025-24886 involves pwn.college’s Dojo tooling where incorrect symbolic link checks on user-specified dojos allow an LFI from the CTFd container without admin privileges. A malicious user can craft a repository containing symlinks to sensitive files and retrieve them via the CTFd website when...