CVE-2026-8756

A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generateconfig of the file webuipreprocess.py of the component Gradio Interface. Such manipulation of the argument datadir leads to path traversal. The attac...

CVE-2026-8756

CVE-2026-8756 affects fishaudio Bert-VITS2 (up to commit 8f7fbd8c4770965225d258db548da27dc8dd934c) with a path traversal vulnerability in the Gradio Interface’s webui_preprocess.py, specifically in generate_config. The issue arises from manipulating the data_dir argument, enabling remote exploita...

EUVD-2000-0586

Malware in sbrugna...

CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...

CVE-2023-41044

Graylog exposes a partial path traversal vulnerability in its Support Bundle feature (requires valid Admin credentials). The issue stems from improper input validation in an HTTP API resource, allowing reading or deleting files under sibling directories of the support-bundle directory (data_dir d...

CVE-2006-1839

PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when registerglobals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the datadir parameter, which satisfies the fileexists function call...

CVE-2006-1839

PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when registerglobals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the datadir parameter, which satisfies the fileexists function call...

CVE-2006-1839

CVE-2006-1839 affects PHP Album 0.3.2.3 via a remote file inclusion in language.php. When register_globals is enabled, an attacker can supply an FTP URL to the data_dir parameter, which satisfies file_exists and can lead to arbitrary PHP code execution on the affected server. The NVD entry and mu...

phpAlbum language.php data_dir Parameter Remote File Inclusion

The remote host is running phpAlbum, an open source web photo gallery written in PHP. The version of phpAlbum installed on the remote host fails to sanitize user-supplied input to the 'datadir' parameter of the 'language.php' script before using it in a PHP 'include' function. Provided PHP's...

CVE-2000-0590

CVE-2000-0590 affects the Poll It 2.0 CGI script. The vulnerability allows a remote attacker to read arbitrary files by supplying a file name in the data_dir parameter, with an example showing access to /etc/passwd. OpenVAS/Nessus entries corroborate arbitrary file access via the CGI. Remediation...

CVE-2000-0590

Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the datadir parameter...