3 matches found
EUVD-2026-43000
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the...
CVE-2021-42183
MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/api/asset/image/...
Masa CMS 路径遍历漏洞
Masa CMS is a digital experience platform from MasaCMS. A security vulnerability exists in Masa CMS version 7.2.1, which stems from a path traversal vulnerability due to a lack of escaping for path parameters in /index.cfm/api/asset/image/...