LORIS Neuroimaging Platform 输入验证错误漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open source developed by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the login redirection parameters not verifying...

CVE-2026-35169

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From to before 27.0.3 and 28.0.1, the helpeditor module of LORIS did not properly sanitize some user supplied variables which could result i...

EUVD-2026-20557

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of the intended directory...

LORIS Neuroimaging Platform 跨站脚本漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform from 15.10 to 27.0.3, as well as versions before 28.0.1, have a cross-site scripting vulnerability. This vulnerability stems from the surferaccounts module not setting the...

LORIS Neuroimaging Platform 安全漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained security vulnerabilities. These vulnerabilities were caused by path traversal in static file routers, which could lead to the download of...

LORIS Neuroimaging Platform 安全漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open source developed by ACElab. Versions of LORIS Neuroimaging Platform from 21.0.0 to 27.0.3, as well as versions before 28.0.1, have security vulnerabilities. These vulnerabilities stem from the backend endpoints not properly verifying...

LORIS Neuroimaging Platform 安全漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the helpeditor module not properly cleaning user inputs, which could lead to...

LORIS Neuroimaging Platform 后置链接漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform from 20.0.0 to 27.0.3, as well as versions before 28.0.1, had a postback link vulnerability. This vulnerability stemmed from an error in the endpoint of the publication module,...

LORIS Neuroimaging Platform SQL注入漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained a SQL injection vulnerability. This vulnerability stems from SQL injections in the MRI feedback pop-up window of the imaging browser, which...

LORIS Neuroimaging Platform 安全漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained security vulnerabilities. These vulnerabilities stemmed from lack of access checks in the media module backend, which could allow unauthorize...

LORIS Neuroimaging Platform 路径遍历漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open source developed by ACElab. Versions 24.0.0 to 26.0.5, 27.0.2, and 28.0.0 of the LORIS Neuroimaging Platform had path traversal vulnerabilities. These vulnerabilities stem from path traversal attacks, which could lead to the reading of...

LORIS Neuroimaging Platform 代码问题漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 26.0.5, 27.0.2, and 28.0.0 contained code vulnerabilities. These vulnerabilities were caused by path traversal exploits, which could lead to arbitrary file uploads and...