| Titre | Sanster IOPaint 1.5.3 Path Traversal - Arbitrary File Read |
|---|
| Description | The File Manager component in IOPaint contains a path traversal vulnerability in the _get_file() method. The filename parameter received from user HTTP query strings is directly concatenated with a base directory path using Python's Path / operator without any sanitization or validation. This allows an attacker to use ../ sequences to escape the intended directory and read arbitrary files on the server. |
|---|
| La source | ⚠️ https://github.com/August829/CVEP/issues/11 |
|---|
| Utilisateur | Yu_Bao (UID 89348) |
|---|
| Soumission | 16/03/2026 06:56 (il y a 17 jours) |
|---|
| Modérer | 31/03/2026 18:20 (15 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 354448 [Sanster IOPaint 1.5.3 File Manager file_manager.py _get_file filename directory traversal] |
|---|
| Points | 20 |
|---|