14 matches found

GithubExploit
added 2026/05/15 2:09 p.m. · 81 views

Exploit for Code Injection in Craftcms Craft_Cms

CVE-2025-32432 - Craft CMS Unauthenticated RCE PoC Working...

CVSS 10 · AI score 8.1 · EPSS 0.92897
Exploits: 13
Github Security Blog
added 2026/05/06 5:54 p.m. · 6 views

Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure

Summary AssetsController::actionShowInFolder fetches an asset by ID and returns its filename and complete folder hierarchy including volume handle, volume UID, folder names, folder UIDs, and folder URI paths without checking whether the requesting user has viewAssets or viewPeerAssets permission ...

CVSS 7.1 · AI score 6 · EPSS 0.00012
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2026/05/06 12:00 a.m. · 6 views

PT-2026-38287

Name of the Vulnerable Software and Affected Versions: Craft CMS versions 5.0.0-RC1 through 5.9.17. Description: The actionShowInFolder function within the AssetsController fetches an asset by ID and returns its filename and complete folder hierarchy, including volume handle, volume UID, folder name...

CVSS 7.1 · AI score 6 · EPSS 0.00012
Exploits: 0 · References: 5
Vulnrichment
added 2026/03/16 6:57 p.m. · 1 views

CVE-2026-32262 Craft CMS has a Path Traversal Vulnerability in AssetsController

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController->replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...

CVSS 5.3 · AI score 5.8 · EPSS 0.0004
Exploits: 0 · References: 2
CVE
added 2026/03/16 6:57 p.m. · 4 views

CVE-2026-32262

Craft CMS is affected by a path traversal vulnerability (CVE-2026-32262) where AssetsController->replaceFile() uses an unsanitized targetFilename in deleteFile() before Assets::prepareAssetName() on save. An authenticated user with replaceFiles permission can delete arbitrary files on the same...

CVSS 5.3 · AI score 5.8 · EPSS 0.0004
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2026/03/16 6:57 p.m. · 19 views

CVE-2026-32262 Craft CMS has a Path Traversal Vulnerability in AssetsController

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController->replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...

CVSS 5.3 · EPSS 0.0004
Exploits: 0 · References: 2
Github Security Blog
added 2026/03/16 6:11 p.m. · 4 views

Craft CMS has a Path Traversal Vulnerability in AssetsController

The AssetsController->replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before Assets::prepareAssetName is applied on save. This allows an authenticated user with replaceFiles permission to delete arbitrary files within the same filesystem root by...

CVSS 5.3 · AI score 5.9 · EPSS 0.0004
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2023/11/28 12:15 a.m. · 0 views

CVE-2023-29770

In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 2
Positive Technologies
added 2023/11/27 12:00 a.m. · 1 views

PT-2023-22411 · Unknown · Sentrifugo

Name of the Vulnerable Software and Affected Versions: Sentrifugo version 3.5 Description: The issue allows an authenticated attacker to upload any file without extension filtering through the AssetsController::uploadsaveAction function. Recommendations: For Sentrifugo version 3.5, consider...

CVSS 8.8 · AI score 8.6 · EPSS 0.00119
Exploits: 1 · References: 3
Github Security Blog
added 2022/05/13 1:30 a.m. · 19 views

Play Framework's Assets controller vulnerable to directory traversal

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...

CVSS 7.5 · AI score 5.6 · EPSS 0.0126
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2022/05/13 1:30 a.m. · 0 views

GHSA-V4MQ-P756-P4F5 Play Framework's Assets controller vulnerable to directory traversal

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...

CVSS 7.5 · AI score 7.1 · EPSS 0.0126
Exploits: 0 · References: 3
CNNVD
added 2021/11/13 12:00 a.m. · 1 views

snipe-it cross-site scripting vulnerability

Snipe-IT is an open source IT asset/license management system. Snipe-IT has a cross-site scripting vulnerability that stems from the lack of filtering and escaping of user-submitted data in AssetsController, for which no detailed vulnerability details are currently available...

CVSS 5.4 · AI score 5.1 · EPSS 0.00226
Exploits: 1 · References: 3
Prion
added 2018/07/17 12:29 p.m. · 17 views

Directory traversal

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...

CVSS 5 · AI score 7.5 · EPSS 0.0126
Exploits: 0 · References: 1 · Affected Software: 1
Veracode
added 2018/07/17 6:16 a.m. · 12 views

Directory Traversal

Play Assets Controller is affected by a path traversal vulnerability. The application incorrectly handles file paths, making it possible to access files on the classpath that are stored outside of the public folder. This vulnerability only affects the application running on Windows...

CVSS 7.5 · AI score 7.2 · EPSS 0.0126
Exploits: 0 · References: 2 · Affected Software: 2