11 matches found
GHSA-5JPG-2RJ5-964C lsFusion Platform has a Path Traversal vulnerability
A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote...
CVE-2025-13261 lsfusion platform DownloadFileRequestHandler.java DownloadFileRequestHandler path traversal
A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote...
EUVD-2025-197758
A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote...
CVE-2025-13261
CVE-2025-13261 affects lsfusion platform up to 6.1. The vulnerability is in DownloadFileRequestHandler.java (web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java). Manipulation of the Version argument leads to path traversal with remote exploitation possible; exp...
PT-2025-47109
Name of the Vulnerable Software and Affected Versions lsfusion platform versions prior to 6.1 Description A flaw exists in the lsfusion platform that allows for path traversal. This issue affects the DownloadFileRequestHandler function located in the file...
CVE-2025-11842
A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is...
Smidge is vulnerable to Path Traversal
A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is...
CVE-2025-11842
A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the Bundle Handler component when processing the Version argument. An attacker can access or modify files outside the intended directory by supplying crafted input remotely. Details A Directory Traversal attack...
CVE-2025-11842 Shazwazza Smidge Bundle path traversal
A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is...
CVE-2025-11842
The CVE-2025-11842 entry concerns Smidge (up to 4.5.1) with a path traversal vulnerability in the Bundle Handler that abuses the Version argument. This enables remote access to files outside the intended directory. A fix is available: upgrade Smidge Core to version 4.6.0 or higher. Connected sour...