2 matches found
EUVD-2026-39447
The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...
BusyBox 安全漏洞
BusyBox is a set of applications developed by Denis Vlasenko from Ukraine. It contains multiple Linux commands and tools. BusyBox has a security vulnerability, which stems from an incomplete cleanup of the archive extraction tool’s path. This could lead to arbitrary file overwriting when extracti...