4 matches found
CVE-2021-41714
In Tipask 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage...
CVE-2021-41714
creationtimestamp| type| source ---|---|--- 2022-05-23 20:41:56+00:00| seen| https://t.me/cibsecurity/43177 2025-05-01 21:03:05+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lo57i2a7js2e...
CVE-2021-41714
In Tipask 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage...
CVE-2021-41714
CVE-2021-41714 affects Tipask versions prior to 3.5.9. The issue arises when users supply path parameters for attachment downloads, where the server fails to validate the path, enabling a registered user to download arbitrary files (e.g., .env, /etc/passwd, laravel.log) and cause information leak...