10 matches found
CVE-2020-11055
BookStack versions >= 0.18.0 and
CVE-2021-4194
CVE-2021-4194 is linked to BookStack (bookstackapp/bookstack) and described across multiple feeds as an Improper Access Control vulnerability. The connected documents identify the issue as an access control error but do not provide concrete technical details such as affected versions, root-cause ...
CVE-2021-4026
CVE-2021-4026 affects BookStack (open-source PHP/Laravel app). The vulnerability is an Improper Access Control in which users with API access can view attachments they should not have read access to, potentially exposing sensitive information. The issue is documented across multiple feeds (NVD en...
CVE-2023-6199
The CVE-2023-6199 entry concerns Book Stack (BookStack) v23.10.2 with a Server-Side Request Forgery flaw that enables Local File Read via SSRF. The connected exploits/documentation show an attack chain using php://filter to read server files (e.g., /etc/passwd) by abusing the SSRF entry point ( o...
CVE-2021-3944
CVE-2021-3944 affects BookStack. Multiple connected sources confirm a cross-site request forgery (CSRF) vulnerability in BookStack/BookStackApp, caused by insufficient CSRF validation. Documented details indicate the issue is CSRF without explicit exploitation vectors or patched versions in the p...
CVE-2021-3916
CVE-2021-3916 affects BookStack (bookstackapp/bookstack). The vulnerability is an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) in the web-facing file handling, enabling access to files under the storage directory via crafted pathnames. The PoC demonstrates traversa...
CVE-2021-3906
CVE-2021-3906 affects BookStack (bookstackapp/bookstack) via Unrestricted Upload of File with Dangerous Type. The root cause is a validation bypass: trim is applied to single-quoted strings, so an extension like pngr becomes png after trimming, allowing dangerous files to pass validation. This en...
CVE-2020-26260
Summary: CVE-2020-26260 affects BookStack prior to v0.30.5. A user with page-edit permissions could set certain image URLs to manipulate the exporting system, enabling server-side requests and access to a wider scope of files within BookStack’s file storage. Root cause / impact (as stated): The v...
CVE-2021-3758
CVE-2021-3758 affects BookStack (bookstackapp/bookstack). The vulnerability is an SSRF flaw in how a page exported to PDF handles HTML content (e.g., an tag referencing external resources). The PoC shows server-side requests triggered during PDF export, enabling access to internal resources from...
CVE-2021-3874
CVE-2021-3874: Path traversal in bookstackapp/bookstack (BookStack) due to improper restriction of restricted-directory pathnames. Impact described in connected sources as exposure of sensitive files via crafted pathnames (e.g., accessing logs/.htaccess) in BookStack export/filesystem operations....