3 matches found
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the api/internal/sftp-event endpoint. An attacker can remove database records associated with media files by crafting custom HTTP requests that simulate internal SFTP events, provided they have knowledge of vali...
AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE
An API endpoint that is intended for internal use by the SFTP software sftpgo was mistakenly exposed to the public-facing HTTP API for AzuraCast installations. This would allow a user with specific internal knowledge of a station's operations to craft a custom HTTP request that would affect the...
GHSA-9449-RPHM-MJQR AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE
An API endpoint that is intended for internal use by the SFTP software sftpgo was mistakenly exposed to the public-facing HTTP API for AzuraCast installations. This would allow a user with specific internal knowledge of a station's operations to craft a custom HTTP request that would affect the...