16 matches found
CVE-2026-41202 ci4ms Backup::restore is vulnerable to Zip Slip leading to RCE
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...
EUVD-2026-28255
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read through improper bounds checking in the CreateInstanceFromBackup and CreateInstanceFromMigration functions. An attacker can cause the daemon to crash by submitting a crafted backup archive with physical snapshot...
CVE-2025-14188
A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out...
EUVD-2025-201598
A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out...
CVE-2025-14188
A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out...
CVE-2025-14188
A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out...
CVE-2025-14188 UGREEN DH2100+ nas_svr create handler_file_backup_create command injection
A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out...
CVE-2025-14188
CVE-2025-14188 affects UGREEN DH2100+ (nas_svr) up to version 5.3.0.251125. The vulnerability is in the function handler_file_backup_create at /v1/file/backup/create, where manipulation of the path argument enables remote command injection. Multiple connected sources confirm the issue and state t...
CVE-2025-14187 UGREEN DH2100+ nas_svr create handler_file_backup_create buffer overflow
A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. Executing a manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The...
CVE-2025-14187
A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. Executing a manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The...
CVE-2025-14187 UGREEN DH2100+ nas_svr create handler_file_backup_create buffer overflow
A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. Executing a manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The...
CVE-2025-14187
Summary of CVE-2025-14187 (UGREEN DH2100+) Affects the nas_svr component of UGREEN DH2100+ up to 5.3.0.251125. The vulnerability resides in the function handler_file_backup_create for the API endpoint /v1/file/backup/create where manipulation of the path argument can cause a remote buffer overflo...
UGREEN DH2100+ 安全漏洞
UGREEN DH2100+ is a private cloud storage device from China Greenlink UGREEN. A security vulnerability exists in UGREEN DH2100+ 5.3.0.251125 and earlier versions, which originates from a misbehavior of the parameter path in the function handlerfilebackupcreate in the file /v1/file/backup/create i...
PT-2025-49400
Name of the Vulnerable Software and Affected Versions UGREEN DH2100+ versions through 5.3.0.251125 Description A flaw exists in UGREEN DH2100+ that could allow for remote buffer overflow. The issue is related to the handler file backup create function within the nas svr component, specifically wh...
UGREEN DH2100+ 命令注入漏洞
UGREEN DH2100+ is a private cloud storage device from China Greenlink UGREEN. A command injection vulnerability exists in UGREEN DH2100+ 5.3.0.251125 and earlier versions, which stems from the incorrect manipulation of the parameter path by the function handlerfilebackupcreate in the file...