3 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the generic download endpoint when the disk and path parameters are supplied in the request. An attacker can access unrelated files stored on configured storage disks by manipulating...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the ApiFormUploadController function. An attacker can upload arbitrary files by manipulating the validationrule parameter to bypass all file type and extension restrictions. Note: This is only exploitable if th...
GHSA-9778-V769-QVJF code16 Sharp vulnerable to Cross Site Scripting (XSS)
code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting XSS src/Form/Fields/SharpFormUploadField.php...