5 matches found
BIT-PILLOW-2026-55798 Pillow: WindowsViewer.get_command() OS command injection via unescaped shell path
Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.getcommand constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen..., shell=True, allowing shell metacharacters in the file path to inject...
CVE-2026-34153 Coolify LocalFileVolume fs_path command injection enables RCE
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, LocalFileVolume::saveStorageOnServer builds shell commands using unescaped fspath and parentdir values before validation, and submitFileStorage does not validate the...
CVE-2026-55798
Pillow vulnerability CVE-2026-55798 affects WindowsViewer.get_command() in Pillow prior to 12.3.0. It builds a shell command by unescaped file path injected into an f-string and passes it to subprocess.Popen(..., shell=True), enabling injection of arbitrary cmd.exe commands. Impact is limited to ...
Unspecified Vulnerability in Sensio Labs Symfony
Sensio Labs Symfony is a free French Sensio Labs , based on the MVC architecture of the PHP development framework . The framework provides commonly used functional components and tools , can be used to quickly create complex WEB program . A security vulnerability exists in Sensio Labs Symfony...
ExpressionEngine: Image lib - unescaped file path
Under ./system/ee/legacy/libraries/Imagelib.php There are function from CodeIgniter to manipulate images. The issue is that the PHP function exec is used two times in two different functions: imageprocessimagemagick and imageprocessnetpbm In both cases the fullsrcpath and fulldstpath are given...