2 matches found
CVE-2026-55474 Snipe-IT: Directory traversal in displaySig
Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary...
CVE-2026-55474
Snipe-IT (IT asset/license management) is affected by a directory-traversal in ActionlogController::displaySig prior to version 8.5.0. The route filename parameter is concatenated into a private upload-directory path without sanitization, enabling an authenticated attacker to read arbitrary files...