CVE-2025-24971

DumpDrop is affected by an OS Command Injection in the /upload/init endpoint. The vulnerability can allow remote code execution when Apprise Notification is enabled. The issue is addressed in commit 4ff8469d and users are advised to patch. No public exploitation details are provided in the docume...

CVE-2025-24971 OS Command Injection endpoint '/upload/init' parameter 'filename' (RCE) in DumpDrop

DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, /upload/init endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely wh...

CVE-2025-24971 OS Command Injection endpoint '/upload/init' parameter 'filename' (RCE) in DumpDrop

DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, /upload/init endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely wh...

PT-2025-5612 · Dumpdrop · Dumpdrop

Name of the Vulnerable Software and Affected Versions: DumpDrop affected versions not specified Description: The issue is related to an OS Command Injection vulnerability in the DumpDrop application, specifically in the "/upload/init" endpoint. This vulnerability could allow an attacker to execut...