7 matches found
Piano LED Visualizer 1.3 - Local File Inclusion
Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion. id: CVE-2022-24900 info: name: Piano LED Visualizer 1.3 - Local File Inclusion author: 0xAkoko severity: high description: | Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion. impact: | An attacker...
CVE-2022-24900
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...
CVE-2022-24900
creationtimestamp| type| source ---|---|--- 2022-04-29 18:24:30+00:00| published-proof-of-concept| https://t.me/cibsecurity/41658...
CVE-2022-24900
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...
CVE-2022-24900 Absolute Path Traversal due to incorrect use of `send_file` call in Piano LED Visualizer
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...
CVE-2022-24900 Absolute Path Traversal due to incorrect use of `send_file` call in Piano LED Visualizer
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...
CVE-2022-24900
CVE-2022-24900 affects Piano LED Visualizer 1.3 and earlier, where an insecure os.path.join allows path traversal when combined with untrusted input. If an absolute path is supplied, os.path.join discards the prior path and passes the result to flask.send_file, enabling access to unintended files...