6 matches found
CVE-2026-30943
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...
CVE-2026-30943 Gokapi has Privilege Escalation in File Replace
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...
CVE-2026-30943 Gokapi has Privilege Escalation in File Replace
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the file replace API. An attacker can delete files belonging to other users by abusing insufficient authorization checks on the deleteNewFile flag. Note: This is only exploitable if the attacker has permission...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the file replace API. An attacker can delete files belonging to other users by abusing insufficient authorization checks on the deleteNewFile flag. Note: This is only exploitable if the attacker has permission...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the file replace API. An attacker can delete files belonging to other users by abusing insufficient authorization checks on the deleteNewFile flag. Note: This is only exploitable if the attacker has permission...