Submission #799583: HBAI-Ltd Toonflow 1.1.1 Remote Code Execution

Title: HBAI-Ltd Toonflow 1.1.1 Remote Code Execution
Description: The Toonflow application's update mechanism (/api/setting/about/downloadApp) downloads a ZIP file from a user-controlled URL without any integrity verification (no signature, no checksum, no domain allowlist). The ZIP is extracted without path traversal validation, and its contents are then copied directly over the application's own server code (data/serve/), web frontend (data/web/), prompt templates (data/skills/), and ML models (data/models/). An authenticated attacker can supply a URL pointing to a malicious ZIP file and achieve complete remote code execution by replacing the application's server-side JavaScript.
Source: https://github.com/HBAI-Ltd/Toonflow-app/issues/96
User: Yu Bao (UID 88956)
Submitted: 2026-04-08 11:03 (20 days ago)
Moderated: 2026-04-26 10:16 (18 days later)
Status: Accepted
VulDB entry: 359660 [HBAI-Ltd Toonflow-app up to 1.1.1 downloadApp Endpoint downloadApp.ts z.url path traversal]
Points: 20
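The three checks the description says the downloadApp endpoint lacks (a domain allowlist on the update URL, integrity verification of the downloaded bytes, and a path traversal guard on the archive entries), as an added TypeScript example that is not Toonflow-app's own code. The update host updates.example.com, the data directory /opt/toonflow/data, the sample archive bytes and the entry listing are all constructed for illustration; nothing here is taken from the project's downloadApp.ts.

```typescript
// Added example, not Toonflow-app code. Host, destination directory and the
// sample archive below are hypothetical; the page names none of them.
import * as path from "node:path";
import { createHash, timingSafeEqual } from "node:crypto";

// Hypothetical release host; the page does not name Toonflow's real update server.
const ALLOWED_UPDATE_HOSTS: ReadonlySet<string> = new Set(["updates.example.com"]);

// 1. Domain allowlist: https only, pinned host, no userinfo (blocks
//    "https://updates.example.com@attacker.example/" tricks), no custom port.
function isAllowedUpdateUrl(raw: string): boolean {
  let u: URL;
  try {
    u = new URL(raw);
  } catch {
    return false; // unparsable input is rejected, not passed to the downloader
  }
  return (
    u.protocol === "https:" &&
    u.username === "" &&
    u.password === "" &&
    u.port === "" &&
    ALLOWED_UPDATE_HOSTS.has(u.hostname)
  );
}

// 2. Integrity: SHA-256 of the downloaded bytes must equal a digest the server
//    already trusts (pinned in the build or fetched over a separately
//    authenticated channel), compared in constant time.
function hasExpectedDigest(data: Buffer, expectedSha256Hex: string): boolean {
  const actual = createHash("sha256").update(data).digest();
  const expected = Buffer.from(expectedSha256Hex, "hex");
  return actual.length === expected.length && timingSafeEqual(actual, expected);
}

// 3. Zip-slip guard: resolve each entry name against the destination and reject
//    anything that lands outside it (absolute paths, "..", backslash separators).
function safeExtractTarget(destDir: string, entryName: string): string | null {
  const entry = entryName.replace(/\\/g, "/"); // archives built on Windows use "\"
  if (path.posix.isAbsolute(entry)) return null;
  const root = path.resolve(destDir);
  const target = path.resolve(root, entry);
  if (target === root) return null; // "." or "a/.." would target the root itself
  return target.startsWith(root + path.sep) ? target : null;
}

interface ExtractionPlan {
  accepted: Array<{ entry: string; target: string }>;
  rejected: string[];
}

function planExtraction(destDir: string, entries: readonly string[]): ExtractionPlan {
  const plan: ExtractionPlan = { accepted: [], rejected: [] };
  for (const entry of entries) {
    const target = safeExtractTarget(destDir, entry);
    if (target === null) plan.rejected.push(entry);
    else plan.accepted.push({ entry, target });
  }
  return plan;
}

interface UpdateVerdict { ok: boolean; reason?: string; plan?: ExtractionPlan }

// All three checks in the order a hardened downloadApp would apply them; an
// update failing any of them is never copied over data/serve, data/web, etc.
function verifyUpdate(url: string, archiveBytes: Buffer, expectedSha256Hex: string,
                      destDir: string, entryNames: readonly string[]): UpdateVerdict {
  if (!isAllowedUpdateUrl(url)) return { ok: false, reason: "url not on allowlist" };
  if (!hasExpectedDigest(archiveBytes, expectedSha256Hex)) return { ok: false, reason: "digest mismatch" };
  const plan = planExtraction(destDir, entryNames);
  if (plan.rejected.length > 0) {
    return { ok: false, reason: `zip-slip entries rejected: ${plan.rejected.join(", ")}`, plan };
  }
  return { ok: true, plan };
}

// Constructed sample (not a real Toonflow release): the "archive" is the bytes
// "hello" with their SHA-256, and the entry listing mixes two benign paths with
// three traversal payloads of the kind a malicious ZIP would carry.
const SAMPLE_ARCHIVE = Buffer.from("hello");
const SAMPLE_ARCHIVE_SHA256 = "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824";
const SAMPLE_ENTRIES: readonly string[] = [
  "serve/index.js",
  "web/index.html",
  "../../etc/cron.d/evil",
  "/tmp/evil.sh",
  "skills\\..\\..\\..\\root\\.bashrc",
];

function demo(): UpdateVerdict {
  return verifyUpdate("https://updates.example.com/releases/toonflow-1.1.2.zip",
    SAMPLE_ARCHIVE, SAMPLE_ARCHIVE_SHA256, "/opt/toonflow/data", SAMPLE_ENTRIES);
}

console.log(JSON.stringify(demo(), null, 2));
```

In a real updater the entry names come from the archive's central directory (whatever ZIP library the server uses), and extraction should go into a staging directory that is only swapped into data/serve, data/web, data/skills and data/models after every check passes. A detached signature over the archive is stronger than a pinned digest, since it lets the trusted key change releases without a code change; the digest check above is the minimum that closes the "no checksum" gap the description names.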
