12 matches found
Local File Inclusion (LFI)
PrivateBin is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper validation of the template cookie in the template-switching feature, which allows an attacker to include arbitrary PHP files and potentially read sensitive data or achieve remote code execution...
GHSA-G2J9-G8R5-RG82 PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
Summary An unauthenticated Local File Inclusion exists in the template-switching feature: if templateselection is enabled in the configuration, the server trusts the template cookie and includes the referenced PHP file. An attacker can read sensitive data or, if they manage to drop a PHP file...
EUVD-2025-175312
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal...
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
Summary An unauthenticated Local File Inclusion exists in the template-switching feature: if templateselection is enabled in the configuration, the server trusts the template cookie and includes the referenced PHP file. An attacker can read sensitive data or, if they manage to drop a PHP file...
CVE-2025-64714
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the template-switching feature. If templateselection is enabled in the configuration, the server trusts the...
CVE-2025-64714
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the template-switching feature. If templateselection is enabled in the configuration, the server trusts the...
CVE-2025-64714 PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the template-switching feature. If templateselection is enabled in the configuration, the server trusts the...
CVE-2025-64714
CVE-2025-64714 affects PrivateBin. When templateselection is enabled, an unauthenticated Local File Inclusion can occur via the template cookie, allowing inclusion of PHP files and potential data exposure or remote code execution if a crafted file exists. Affected versions are 1.7.7 up to and inc...
CVE-2025-64714 PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the template-switching feature. If templateselection is enabled in the configuration, the server trusts the...
CVE-2025-64714 PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the template-switching feature. If templateselection is enabled in the configuration, the server trusts the...
PrivateBin 安全漏洞
PrivateBin is a minimalist open source online pastebin from the PrivateBin project. A security vulnerability exists in PrivateBin version 1.7.7 up to and including version 2.0.3, which stems from the presence of a local file inclusion in the template switching feature that could lead to the readi...
PT-2025-46849
Name of the Vulnerable Software and Affected Versions PrivateBin versions 1.7.7 through 2.0.2 Description PrivateBin contains a Local File Inclusion issue in the template-switching feature. If templateselection is enabled in the configuration, the server trusts the template cookie and includes th...