Lucene search
K

5 matches found

Veracode
Veracode
added 2026/05/11 5:29 p.m.24 views

Directory Traversal

SiYuan is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file paths in the /export endpoint, which allows an attacker to use double-encoded traversal sequences to read arbitrary files and obtain sensitive information...

9.8CVSS7.3AI score0.01028EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/07 2:19 a.m.9 views

SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage

Summary A path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as conf/conf.json, which contains secrets including the API token,...

9.8CVSS6.5AI score0.01028EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/01/28 6:16 p.m.5 views

CVE-2020-36973

PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...

8.7CVSS0.00425EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/28 5:35 p.m.7 views

EUVD-2020-30880

PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...

8.7CVSS6.5AI score0.00425EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 5:35 p.m.5 views

CVE-2020-36973

PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...

8.7CVSS6.5AI score0.00425EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder