Submeter #752763: rachelos WeRSS WeRSS<=1.4.8 Pathname Traversalinformação

Títulorachelos WeRSS WeRSS<=1.4.8 Pathname Traversal
Descrição### Summary WeRSS(https://github.com/rachelos/we-mp-rss/)'s file download endpoint contains a path traversal vulnerability that allows authorized user to read sensitive files outside the intended application directory by crafting specially crafted HTTP requests. ## Detail https://www.notion.so/WeRSS-Path-Traversal-Vulnerability-Leads-to-Arbitrary-File-Read-2feea92a3c41804da1f1f5ddbf86e655
Fonte⚠️ https://www.notion.so/WeRSS-Path-Traversal-Vulnerability-Leads-to-Arbitrary-File-Read-2feea92a3c41804da1f1f5ddbf86e655
Utilizador
 din4 (UID 50867)
Submissão05/02/2026 10h12 (há 3 meses)
Moderação08/02/2026 09h32 (3 days later)
EstadoAceite
Entrada VulDB344933 [rachelos WeRSS we-mp-rss até 1.4.8 apis/tools.py download_export_file filename Travessia de Diretório]
Pontos16

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!