
4 matches found

Github Security Blog
added 2026/05/29 10:6 p.m., 22 views

Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders

Summary: `modules/documents-files.php` gates state-changing modes by checking that the actor has `hasUploadRight` on the URL parameter folderuuid. The `move_save` handler then operates on a separate URL parameter fileuuid and calls `File::moveToFolder($destFolderUUID)`. `File::moveToFolder` checks the upload...

AI score: 5.7 | EPSS: 0.00032
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2026/05/29 10:6 p.m., 7 views

GHSA-X628-457G-2PW9 Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders

Summary: `modules/documents-files.php` gates state-changing modes by checking that the actor has `hasUploadRight` on the URL parameter folderuuid. The `move_save` handler then operates on a separate URL parameter fileuuid and calls `File::moveToFolder($destFolderUUID)`. `File::moveToFolder` checks the upload...

CVSS: 8.1 | AI score: 5.7 | EPSS: 0.00032
Exploits: 0 | References: 2
Japan Vulnerability Notes
added 2022/03/03 6:8 a.m., 2 views

pfSense-pkg-WireGuard vulnerable to directory traversal

Overview: pfSense-pkg-WireGuard provided by pfSense is an add-on package for pfSense CE and pfSense Plus. pfSense-pkg-WireGuard contains a directory traversal vulnerability (CWE-22). Yutaka WATANABE of Ierae Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.01714
Exploits: 0 | References: 5
Japan Vulnerability Notes
added 2022/03/03 12:0 a.m., 71 views

JVN#85572374: pfSense-pkg-WireGuard vulnerable to directory traversal

pfSense-pkg-WireGuard provided by pfSense is an add-on package for pfSense CE and pfSense Plus. pfSense-pkg-WireGuard contains a directory traversal vulnerability (CWE-22). Impact: pfSense users may view files in the private folders which they do not have privileges to access. Solution: Update the...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.01714
Exploits: 0