2 matches found
CVE-2023-46863
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request...
CVE-2023-46863
Peppermint Ticket Management before 0.2.4 is affected by a directory-traversal flaw that allows remote attackers to read arbitrary files through a POST to /api/v1/users/file/download?filepath=./../. The issue concerns the file download API handling of the filepath parameter and is confirmed acros...