4 matches found
CVE-2026-25575
NavigaTUM's propose_edits API had a path traversal flaw before commit 86f34c7, enabling unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn) by sending unsanitized file keys containing traversal sequences (../../) in JSON. This could allow replacin...
CVE-2026-25575
NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user e.g., /cdn. By supplying...
CVE-2026-25575 NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality
NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user e.g., /cdn. By supplying...
EUVD-2026-5325
NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user e.g., /cdn. By supplying...