| Titel | Sanster IOPaint 1.5.3 Path Traversal - Arbitrary File Read |
|---|
| Beschreibung | The File Manager component in IOPaint contains a path traversal vulnerability in the _get_file() method. The filename parameter received from user HTTP query strings is directly concatenated with a base directory path using Python's Path / operator without any sanitization or validation. This allows an attacker to use ../ sequences to escape the intended directory and read arbitrary files on the server. |
|---|
| Quelle | ⚠️ https://github.com/August829/CVEP/issues/11 |
|---|
| Benutzer | Yu_Bao (UID 89348) |
|---|
| Einreichung | 16.03.2026 06:56 (vor 17 Tagen) |
|---|
| Moderieren | 31.03.2026 18:20 (15 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 354448 [Sanster IOPaint 1.5.3 File Manager file_manager.py _get_file filename Directory Traversal] |
|---|
| Punkte | 20 |
|---|