Invia #690873: SCADA-LTS Project Scada-LTS <= commit 1cfaed4b35117e4871bc3dfeae073f61d8e3bb3d Path traversal / Zip Slip leading to arbitrary file writeinformazioni

TitoloSCADA-LTS Project Scada-LTS <= commit 1cfaed4b35117e4871bc3dfeae073f61d8e3bb3d Path traversal / Zip Slip leading to arbitrary file write
DescrizioneScada-LTS before commit 1cfaed4b35117e4871bc3dfeae073f61d8e3bb3d is vulnerable to a Zip Slip path traversal in the project import feature. Crafted archive entries with directory traversal sequences are written outside the intended uploads/graphics folders, allowing arbitrary file overwrite under Common.getHomeDir().
Fonte⚠️ https://github.com/Xzzz111/exps/blob/main/archives/Scada-LTS-ZipSlip-1/report.md
Utente
 sh7err02 (UID 92378)
Sottomissione07/11/2025 08:43 (8 mesi fa)
Moderazione29/11/2025 21:33 (23 days later)
StatoAccettato
Voce VulDB333795 [Scada-LTS fino a 2.7.8.1 Project Import ZIPProjectManager.java Common.getHomeDir directory traversal]
Punti19

PrecedenteVisione D'ensembleIl prossimo

Interested in the pricing of exploits?

See the underground prices here!