Lucene search
K

30 matches found

nvd
nvd
added 2025/12/12 7:15 a.m.19 views

CVE-2025-67728

Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a...

9.8CVSS0.006EPSS
Exploits0References2
cvelist
cvelist
added 2025/12/12 7:10 a.m.35 views

CVE-2025-67728 Fireshare Public Uploads feature is vulnerable to OS Command Injection (RCE)

Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a...

9.8CVSS0.006EPSS
Exploits0References2
osv
osv
added 2025/12/12 7:10 a.m.4 views

CVE-2025-67728 Fireshare Public Uploads feature is vulnerable to OS Command Injection (RCE)

Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a...

9.8CVSS7.5AI score0.006EPSS
Exploits0References4
euvd
euvd
added 2025/12/12 7:10 a.m.5 views

EUVD-2025-203055

Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a...

9.8CVSS7AI score0.006EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/12/12 7:10 a.m.2 views

CVE-2025-67728 Fireshare Public Uploads feature is vulnerable to OS Command Injection (RCE)

Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a...

9.8CVSS7.1AI score0.006EPSS
Exploits0References2
cve
cve
added 2025/12/12 7:10 a.m.25 views

CVE-2025-67728

Fireshare is affected by an OS command injection in versions 1.2.30 and earlier. The vulnerability arises when a malicious filename, supplied during video uploads (authenticated user or public uploads enabled), is concatenated directly into a shell command, enabling path traversal to arbitrary di...

9.8CVSS7.1AI score0.006EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2025/12/12 12:0 a.m.5 views

PT-2025-50895

Name of the Vulnerable Software and Affected Versions Fireshare versions 1.2.30 and below Description Fireshare is a self-hosted media and link sharing platform. Versions 1.2.30 and below allow an authenticated user, or an unauthenticated user if Public Uploads are enabled, to construct a malicio...

9.8CVSS7.1AI score0.006EPSS
Exploits0References6
cnnvd
cnnvd
added 2025/12/12 12:0 a.m.5 views

Fireshare 命令注入漏洞

Fireshare is a media hosting software by the individual developer Shane Israel. A command injection vulnerability exists in Fireshare versions 1.2.30 and earlier, which stems from uploading a video file with the filename spliced directly into a shell command, which could lead to remote code...

9.8CVSS8.2AI score0.006EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/09/02 12:0 a.m.3 views

Fireshare 安全漏洞

Fireshare is a media hosting software by the individual developer Shane Israel. A security vulnerability exists in Fireshare version 1.2.25, which stems from improper handling of the sort parameter and could lead to a time-based blind SQL injection attack...

6.5CVSS7.5AI score0.00239EPSS
Exploits1References5
cvelist
cvelist
added 2025/09/02 12:0 a.m.9 views

CVE-2025-55476

FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject arbitrary SQL subqueries...

0.00239EPSS
Exploits1References3
Rows per page
Query Builder