22 matches found
Improper Input Validation in Firefly III
Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fintsurl to import/job/configuration, and import/create/fints...
CVE-2019-14671
Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fintsurl to import/job/configuration, and import/create/fints...