20 matches found
CVE-2026-41231
Froxlor is open source server administration software. Prior to version 2.3.6, DataDump.add constructs the export destination path from user-supplied input without passing the $fixedhomedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other...
CVE-2026-41231
Froxlor is open source server administration software. Prior to version 2.3.6, DataDump.add constructs the export destination path from user-supplied input without passing the $fixedhomedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other...
CVE-2026-41231 Froxlor has Incomplete Symlink Validation in DataDump.add() that Allows Arbitrary Directory Ownership Takeover via Cron
Froxlor is open source server administration software. Prior to version 2.3.6, DataDump.add constructs the export destination path from user-supplied input without passing the $fixedhomedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other...
EUVD-2026-25182
Froxlor is open source server administration software. Prior to version 2.3.6, DataDump.add constructs the export destination path from user-supplied input without passing the $fixedhomedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other...
PT-2026-34635
Froxlor is open source server administration software. Prior to version 2.3.6, DataDump.add constructs the export destination path from user-supplied input without passing the $fixed homedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other...
Symlink Attack
Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Symlink Attack via the DataDump.add process. An attacker can gain ownership of arbitrary directories and their contents by creating a symlink within their own directory that points to...
EUVD-2021-19538
Malware in sbrugna...
EUVD-2024-42545
Malicious code in bioql PyPI...
CVE-2024-47612
DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped more specifically, datadump-table-column-queued, datadump-table-column-in-progress, datadump-table-column-completed, datadump-table-column-failed. If these messages are edited which requires t...
CVE-2021-32774
DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or delete dumps could be forged. The vulnerability was patched in commit...
CVE-2024-47612
DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped more specifically, datadump-table-column-queued, datadump-table-column-in-progress, datadump-table-column-completed, datadump-table-column-failed. If these messages are edited which requires t...
CVE-2024-47612
This CVE concerns DataDump, a MediaWiki extension used to export wiki dumps. The vulnerability arises from several interface messages being unescaped (datadump-table-column-queued, -in-progress, -completed, -failed). If an attacker edits these messages (requiring editinterface by default) and a u...
CVE-2024-47612 XSS in Special:DataDump when displaying dump status
DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped more specifically, datadump-table-column-queued, datadump-table-column-in-progress, datadump-table-column-completed, datadump-table-column-failed. If these messages are edited which requires t...
DataDump 安全漏洞
DataDump is a Miraheze open source extension that provides wiki dumps. A security vulnerability exists in DataDump. An attacker exploited the vulnerability to execute a cross-site scripting attack...
CVE-2021-32774
DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or delete dumps could be forged. The vulnerability was patched in commit...
CVE-2021-32774
DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or delete dumps could be forged. The vulnerability was patched in commit...
Cross site request forgery (csrf)
DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or delete dumps could be forged. The vulnerability was patched in commit...
CVE-2021-32774 Cross-Site Request Forgery (CSRF) in DataDump
DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or delete dumps could be forged. The vulnerability was patched in commit...
CVE-2021-32774
DataDump (a MediaWiki extension) is affected by a CSRF vulnerability because it lacked CSRF protection before commit 67a82b76e186925330b89ace9c5fd893a300830b. The flaw allowed forged requests to generate or delete dumps. The issue was mitigated by the patch in the cited commit. There are no publi...
MediaWiki 跨站请求伪造漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in the MediaWiki extension DataDump, which stems from the fact th...