20 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-28335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the...
CVE-2024-28335
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...
Path Traversal
Lektor is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of user-supplied input, allowing an attacker to execute arbitrary shell commands via manipulated files within the templates directory...
Lektor does not sanitize database path traversal
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...
lektor-tekir (>=0.1.0 <=0.5.0) potentially affected by CVE-2024-28335 via lektor (=3.1.3)
lektor PYPI version =3.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on lektor and may be impacted: - lektor-tekir =0.1.0, =0.5.0 Source cves: CVE-2024-28335 Source advisory: OSV:GHSA-WV28-7FPW-FJ49...
GHSA-WV28-7FPW-FJ49 Lektor does not sanitize database path traversal
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...
CVE-2024-28335
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...
CVE-2024-28335
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...
PYSEC-2024-49
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...
UBUNTU-CVE-2024-28335
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...
lektor-tekir (>=0.1.0 <=0.5.0) potentially affected by CVE-2024-28335 via lektor (=3.1.3)
lektor PYPI version =3.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on lektor and may be impacted: - lektor-tekir =0.1.0, =0.5.0 Source cves: CVE-2024-28335 Source advisory: OSV:PYSEC-2024-49...
PYSEC-2024-49
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...
CVE-2024-28335
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...
CVE-2024-28335
CVE-2024-28335 affects Lektor prior to 3.3.11. The issue is an unsanitized DB path traversal that can permit shell commands via a file added to the templates directory when a user’s browser visits an untrusted site that sends requests to localhost:5000, with the browser and the Lektor server runn...
CVE-2024-28335
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...
CVE-2024-28335
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...
PT-2024-22395 · Lektor · Lektor
Name of the Vulnerable Software and Affected Versions: Lektor versions prior to 3.3.11 Description: The issue concerns the lack of sanitization of database path traversal in Lektor. This allows shell commands to be executed via a file added to the templates directory under specific conditions. Th...
Lektor Code Issue Vulnerability
Lektor is a Lektor open source static file content management system. A code issue vulnerability exists in Lektor version 3.3.10, which stems from an arbitrary file upload issue...
Lektor Static CMS 3.3.10 Arbitrary File Upload / Remote Code Execution Vulnerabilities
Lektor Static CMS version 3.3.10 suffers from an arbitrary file upload vulnerability that can be leveraged to achieve remote code execution. Exploit Title: Lektor static content management system Version: 3.3.10 Arbitrary File upload Exploit Author: kai6u Vendor Homepage: https://www.getlektor.co...
Lektor Static CMS 3.3.10 Arbitrary File Upload / Remote Code Execution
Exploit Title: Lektor static content management system Version: 3.3.10 Arbitrary File upload Date: 20/03/2024 Exploit Author: kai6u Vendor Homepage: https://www.getlektor.com/ Software Link: https://github.com/lektor/lektor/releases/tag/v3.3.10 Version: 3.3.10 Tested on: Ubuntu 22.04 Summary:...