3 matches found
CVE-2026-41228 Froxlor has Local File Inclusion via path traversal in API `def_language` parameter that leads to Remote Code Execution
Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint Customers.update and Admins.update does not validate the deflanguage parameter against the list of available language files. An authenticated customer can set deflanguage to a path traversal...
PT-2024-25518 · Linqi · Linqi
Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1 Description: An issue was discovered in linqi, allowing local file inclusion via the /api/Cdn/GetFile API endpoint. Recommendations: For versions prior to 1.4.0.1, update to version 1.4.0.1 or later to resolve...
PT-2024-22681 · Memos · Memos
Name of the Vulnerable Software and Affected Versions: memos versions 0.13.2 through 0.16.0 Description: The issue is related to a Server-Side Request Forgery SSRF vulnerability. It exists at the "/o/get/httpmeta" API endpoint, allowing unauthenticated users to enumerate the internal network and...