2 matches found
CVE-2022-29637
CVE-2022-29637 affects Mindoc v2.1-beta.5, where an arbitrary file upload vulnerability in the Unzip/ZIP handling allows an attacker to execute arbitrary commands through a crafted Zip file. Multiple sources (Veracode and Snyk entries referencing Mindoc’s unzip/ziptil code paths) describe the iss...
CVE-2018-19114
MinDoc, up to v1.0.2 , contains an access control flaw: an attacker can escalate privileges by uploading an image containing an admin session and then using a Cookie: mindoc_id with a relative path to that file (e.g., aa/../../uploads/blog/201811/attach_#.jpg). This can grant elevated rights with...