Lucene search
+L

5 matches found

snyk
snyk
added 2026/06/05 4:26 p.m.6 views

Directory Traversal

Overview dbgate-api is an Allows run DbGate data-manipulation scripts. Affected versions of this package are vulnerable to Directory Traversal via the unzipDirectory function. An attacker can write arbitrary files to the filesystem outside the intended extraction directory by uploading a speciall...

9.8CVSS6.8AI score0.00058EPSS
Exploits0References2
github
github
added 2026/06/05 4:26 p.m.17 views

DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE

The unzipDirectory function in packages/api/src/shell/unzipDirectory.js line 27 does not validate that extracted file paths stay within the output directory. A malicious ZIP with ../ entries writes files anywhere on the filesystem. In the default Docker deployment, DbGate runs as root and the non...

5.5AI score0.00058EPSS
Exploits0References3Affected Software1
cve
cve
added 2022/08/22 6:24 p.m.77 views

CVE-2022-30547

CVE-2022-30547 affects WWBN AVideo 11.6 and dev master commit 3f7c0364. The unzipDirectory function unzips uploaded ZIPs without validating path traversal, allowing arbitrary code execution via crafted archives (e.g., files placed as ../shell.php). Talos confirms vulnerability in aVideoEncoder.un...

9.9CVSS9.6AI score0.63666EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2022/08/22 12:0 a.m.8 views

PT-2022-20170 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 and prior, including dev master commit 3f7c0364 and earlier Description: A directory traversal issue exists in the unzipDirectory functionality, allowing an attacker to send a specially-crafted HTTP request that can...

9.9CVSS9.6AI score0.63666EPSS
Exploits1References4
talos
talos
added 2022/08/16 12:0 a.m.35 views

WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability

Talos Vulnerability Report TALOS-2022-1547 WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability August 16, 2022 CVE Number CVE-2022-30547 SUMMARY A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364...

9.9CVSS9.7AI score0.63666EPSS
Exploits1
Rows per page
Query Builder