3 matches found
CVE-2026-34735
The CVE concerns Hytale Modding Wiki (version 1.2.0 and prior). The issue resides in the quickUpload() endpoint: MIME-type validation via PHP finfo is performed, but the stored filename is constructed from the client-supplied extension (getClientOriginalExtension()). These independent checks allo...
CVE-2026-34735
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. In version 1.2.0 and prior, the quickUpload endpoint validates uploaded files by checking their MIME type via PHP's finfo, which inspects file contents but constructs the stored filename using the...
HytaleModding Wiki 代码问题漏洞
HytaleModding Wiki is an open-source documentation platform for Hytale Modding. Versions of HytaleModding Wiki prior to 1.2.0 had code vulnerabilities. These vulnerabilities stemmed from the quickUpload endpoint’s validation of MIME types, but it used file extensions provided by the client, which...