4 matches found
CVE-2020-27304
CVE-2020-27304 relates to CivetWeb’s form-based file upload handling: when running on non-Windows OS, uploaded file paths are not validated, enabling directory traversal if a web app uses user-controlled filename segments in output paths. Public sources in connected docs tie this to Siemens SCALA...
CVE-2025-55763
CVE-2025-55763 describes a buffer overflow in CivetWeb’s URI parser (versions 1.14–1.16) that can be triggered by a crafted HTTP request, allowing a remote attacker to potentially execute arbitrary code or cause a denial of service by corrupting heap memory during request processing. The connecte...
CVE-2018-12684
CivetWeb up to version 1.10 contains an out-of-bounds read in the send_ssi_file function (civetweb.c) that allows an attacker to cause a Denial of Service or Information Disclosure via a crafted SSI file. The CVE description specifies affected software and root cause; no explicit exploit details ...
CVE-2026-5789
CVE-2026-5789 affects CivetWeb v1.16. The root cause is an unquoted search path in the service configuration, allowing a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory scanned before the application path (e.g., C:\Program Files\C...