8 matches found
CVE-2021-47746
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...
CVE-2021-47746 NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...
EUVD-2026-3657
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...
CVE-2021-47746
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...
CVE-2021-47746
CVE-2021-47746 concerns an arbitrary file write in the NodeBB Plugin Emoji 3.2.1. The vulnerability exists in the emoji upload API where an attacker with administrative access can craft file upload requests using directory traversal to overwrite arbitrary system files. Affected software: NodeBB P...
PT-2026-3793
Name of the Vulnerable Software and Affected Versions NodeBB Plugin Emoji version 3.2.1 Description The NodeBB Plugin Emoji version 3.2.1 has a flaw that allows administrative users to write files to arbitrary system locations. This is possible through the emoji upload API by manipulating the fil...
NodeBB Emoji 3.2.1 Arbitrary FIle Write
Exploit Title: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Date: 2021-02-01 Exploit Author: 1F98D Software Link: https://nodebb.org/ Version: Emoji for NodeBB ', r.text, re.IGNORECASE if csrf is None: print'! Could not extract csrf token to proceed.' sys.exit1 auth = 'username': USERNAME,...
@levi-m/ide-kit (=10.1.0-beta.14), dltsign-mobile (=0.1.0) +6 more potentially affected by CVE-2018-19048 via simditor (>=2.1.14 <=2.3.21)
simditor NPM version =2.1.14, =2.0.2, =1.0.1, =2.0.4, =0.1.7, =1.1.24 Source cves: CVE-2018-19048 Source advisory: OSV:GHSA-8V67-X8Q5-3X3G...