CVE-2024-40465
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in the file.go file...
Beego privilege escalation vulnerability
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in the file.go file...
GHSA-WR3P-R5FJ-WF97 Beego privilege escalation vulnerability
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in the file.go file...
PT-2024-28858 · Beego · Beego
Name of the Vulnerable Software and Affected Versions: beego versions 2.2.0 and earlier. Description: The issue allows a remote attacker to escalate privileges via the getCacheFileName function in the file.go file. Recommendations: For beego versions 2.2.0 and earlier, at the moment, there is no...
Arbitrary File Reads
github.com/1panel-dev/1panel is vulnerable to Arbitrary File Reads. The vulnerability exists in LoadFromFile at file.go due to not restricting the request parameters which allows an attacker to directly read arbitrary files on the system...
Path Traversal
github.com/dablelv/go-huge-util is vulnerable to Path Traversal. The vulnerability exists due to the Create function in file/file.go because the library fails to strip ../ from the uncompressed file name, which allows an attacker to traverse outside the expected directory...
CVE-2022-3939 lanyulei ferry API file.go path traversal
A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely...
PT-2022-24949 · Unknown · Lanyulei Ferry
Name of the Vulnerable Software and Affected Versions: lanyulei ferry, affected versions not specified. Description: A critical issue has been found in lanyulei ferry, affecting some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the file argument...
CVE-2018-18925
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron...