30 matches found
CVE-2025-67728
Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a...
CVE-2025-67728 Fireshare Public Uploads feature is vulnerable to OS Command Injection (RCE)
Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a...
CVE-2025-67728 Fireshare Public Uploads feature is vulnerable to OS Command Injection (RCE)
Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a...
EUVD-2025-203055
Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a...
CVE-2025-67728 Fireshare Public Uploads feature is vulnerable to OS Command Injection (RCE)
Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a...
CVE-2025-67728
Fireshare is affected by an OS command injection in versions 1.2.30 and earlier. The vulnerability arises when a malicious filename, supplied during video uploads (authenticated user or public uploads enabled), is concatenated directly into a shell command, enabling path traversal to arbitrary di...
PT-2025-50895
Name of the Vulnerable Software and Affected Versions Fireshare versions 1.2.30 and below Description Fireshare is a self-hosted media and link sharing platform. Versions 1.2.30 and below allow an authenticated user, or an unauthenticated user if Public Uploads are enabled, to construct a malicio...
Fireshare 命令注入漏洞
Fireshare is a media hosting software by the individual developer Shane Israel. A command injection vulnerability exists in Fireshare versions 1.2.30 and earlier, which stems from uploading a video file with the filename spliced directly into a shell command, which could lead to remote code...
Fireshare 安全漏洞
Fireshare is a media hosting software by the individual developer Shane Israel. A security vulnerability exists in Fireshare version 1.2.25, which stems from improper handling of the sort parameter and could lead to a time-based blind SQL injection attack...
CVE-2025-55476
FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject arbitrary SQL subqueries...