4 matches found
CVE-2026-30234
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...
CVE-2026-30234 OpenProject BIM BCF XML Import: <Snapshot> Path Traversal Leads to Arbitrary Local File Read (AFR)
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...
CVE-2026-30234 OpenProject BIM BCF XML Import: <Snapshot> Path Traversal Leads to Arbitrary Local File Read (AFR)
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...
PT-2026-24719
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...