Cvelist
added 2026/05/08 3:50 p.m.

CVE-2026-41887 Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the custom_less setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...

CVSS 4.9, EPSS 0.00014
Exploits 0, References 4
CVE
added 2026/05/08 3:50 p.m.

CVE-2026-41887

The CVE-2026-41887 entry affects Flarum core prior to versions 1.8.16 and 2.0.0-rc.1, where values assigned to LESS-configurable settings (e.g., theme_primary_color/theme_secondary_color) are interpolated into LESS at compile time. An authenticated administrator can inject an arbitrary @import, e...

CVSS 4.9, AI score 5.9, EPSS 0.00014
Exploits 0, References 4
Github Security Blog
added 2026/04/22 8:34 p.m.

Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

Summary: Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the custom_less setting, but the same restriction was never applied to other settings registered as LESS config variables, for example theme_primary_color and theme_secondary_color, as well as any key...

CVSS 6.6, AI score 5.9, EPSS 0.00122
Exploits 0, References 8, Affected Software 1
Github Security Blog
added 2023/03/13 8:52 p.m.

Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files

Impact: If an admin account has already been compromised by an attacker, the LESS parser can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom LESS setting,...

CVSS 6.6, AI score 5.4, EPSS 0.00122
Exploits 0, References 5, Affected Software 1
OSV
added 2023/03/13 8:52 p.m.

GHSA-VHM8-WWRF-3GCW Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files

Impact: If an admin account has already been compromised by an attacker, the LESS parser can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom LESS setting,...

CVSS 6.5, AI score 5.6, EPSS 0.00122
Exploits 0, References 5
NVD
added 2023/03/10 9:15 p.m.

CVE-2023-27577

flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...

CVSS 6.6, AI score 6.4, EPSS 0.00122
Exploits 0, References 2
Prion
added 2023/03/10 9:15 p.m.

Path traversal

flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...

CVSS 3.3, AI score 5, EPSS 0.00122
Exploits 0, References 2, Affected Software 1
CVE
added 2023/03/10 8:56 p.m.

CVE-2023-27577

Summary: CVE-2023-27577 affects flarum prior to 1.7.0. A compromised admin account can exploit a flaw in the LESS parser to perform path traversal and read sensitive server files (e.g., /etc/passwd) by supplying an absolute path in the custom LESS setting. The vulnerability's impact depends on t...

CVSS 6.6, AI score 5.3, EPSS 0.00122
Exploits 0, References 2, Affected Software 1
Cvelist
added 2023/03/10 8:56 p.m.

CVE-2023-27577 Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum

flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...

CVSS 6.6, AI score 6.6, EPSS 0.00122
Exploits 0, References 2
Vulnrichment
added 2023/03/10 8:56 p.m.

CVE-2023-27577 Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum

flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...

CVSS 6.6, AI score 6.4, EPSS 0.00122
Exploits 0, References 2
OSV
added 2023/03/10 8:56 p.m.

CVE-2023-27577 Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum

flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...

CVSS 6.6, AI score 5.5, EPSS 0.00122
Exploits 0, References 4
Positive Technologies
added 2023/03/10 12:00 a.m.

PT-2023-21219

Name of the Vulnerable Software and Affected Versions: flarum versions prior to 1.7.0. Description: The issue affects the LESS parser in flarum, allowing an attacker with a compromised admin account to read sensitive files on the server using path traversal techniques. This can be achieved by...

CVSS 6.6, AI score 6.3, EPSS 0.00122
Exploits 0, References 17