7 matches found
CVE-2026-7594
A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function imageto3dasync of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public...
CVE-2026-7594 Flux159 mcp-game-asset-gen MCP index.ts image_to_3d_async path traversal
A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function imageto3dasync of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public...
MCP Asset Generation Server 路径遍历漏洞
MCP Asset Generation Server is a multi-type asset generation server for game development by the individual developer Suyog Sonwalkar. A path traversal vulnerability exists in MCP Asset Generation Server version 0.1.0, which stems from improper manipulation of the parameter statusFile in the...
Exploit for OS Command Injection in Cyberpanel
PoC: CVE-2024-51378 Command Injection, эмуляция 📌 Описан...
CyberPanel upgrademysqlstatus authentication bypass and command injection
Added: 11/07/2024 Background CyberPanel is a web hosting control panel. Problem A pair of vulnerabilities in the upgrademysqlstatus web resource could allow a remote attacker to bypass authentication using a PUT request and execute arbitrary commands with a specially crafted statusfile parameter...
CVE-2024-51378
getresetstatus in dns/views.py and ftp/views.py in CyberPanel aka Cyber Panel before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware which is only for a POST request and using shell...
VulnCheck KEV: CVE-2024-51378
CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property...