Lucene search
K

4 matches found

OSV
OSV
added 2026/05/07 3:19 a.m.3 views

CVE-2026-41203 ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

9.4CVSS6.6AI score0.00484EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.11 views

PT-2026-34598

Name of the Vulnerable Software and Affected Versions CI4MS Theme affected versions not specified Description The upload function in CI4MS Theme fails to validate entry names when extracting user-uploaded ZIP archives. This allows an authenticated backend user with theme create permissions to...

9.4CVSS6.2AI score0.00484EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/30 3:24 a.m.6 views

CVE-2026-24897

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

10CVSS6.7AI score0.03008EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/01/28 10:24 p.m.4 views

CVE-2026-24897 Authenticated Remote Code Execution via Arbitrary File Upload

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

10CVSS6.7AI score0.03008EPSS
Exploits3References3
Rows per page
Query Builder