25 matches found
PsiTransfer 安全漏洞
PsiTransfer is a simple open source hosted file sharing solution from the individual developer Christoph Wiechert. A security vulnerability exists in PsiTransfer versions prior to 2.2.0, which stems from an unrestricted endpoint that allows an attacker who receives a file distribution ID to alter...
File Integrity Manipulation
psitransfer is vulnerable to File integrity Manipulation. The vulnerability is due to the lack of proper access controls or restrictions on the endpoint designed for uploading files, allowing an attacker with the file distribution ID to alter the files within that distribution...
PsiTransfer: Violation of the integrity of file distribution
Summary The absence of restrictions on the endpoint, which allows you to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. Details Vulnerable endpoint: POST /files PoC 1. Create a file distribution. 2. Go to the link address ...
PT-2024-24088 · Unknown · Psitransfer
Name of the Vulnerable Software and Affected Versions: PsiTransfer versions prior to 2.2.0 Description: The issue arises from the absence of restrictions on the PATCH /files/id endpoint, which is designed for uploading files. This allows an attacker who has received the id of a file distribution ...
in psi-4ward/psitransfer
✍️ Description Hi, with PsiTransfer we can upload files and protect them with a password. However, there is an IDOR that let an attacker retrieve arbitrary files and get the AES encrypted data of these files. All is left is to perform an offline bruteforce to crack the password of this file and ge...