5 matches found
CVE-2025-51475
Arbitrary File Overwrite AFO in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join and lac...
CVE-2025-51475
Arbitrary File Overwrite AFO in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join and lac...
CVE-2025-51475
Arbitrary File Overwrite AFO in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join and lac...
CVE-2025-51475
Arbitrary File Overwrite AFO in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join and lac...
CVE-2025-51475
The CVE-2025-51475 entry affects TransformerOptimus SuperAGI v0.0.14, specifically the file upload path handling in superagi.controllers.resources.upload. A directory-traversal flaw in os.path.join() and missing validation in get_root_input_dir() can allow an attacker to overwrite arbitrary files...