| Título | Sanster IOPaint 1.5.3 Path Traversal - Arbitrary File Read |
|---|
| Descrição | The File Manager component in IOPaint contains a path traversal vulnerability in the _get_file() method. The filename parameter received from user HTTP query strings is directly concatenated with a base directory path using Python's Path / operator without any sanitization or validation. This allows an attacker to use ../ sequences to escape the intended directory and read arbitrary files on the server. |
|---|
| Fonte | ⚠️ https://github.com/August829/CVEP/issues/11 |
|---|
| Utilizador | Yu_Bao (UID 89348) |
|---|
| Submissão | 16/03/2026 06h56 (há 23 dias) |
|---|
| Moderação | 31/03/2026 18h20 (15 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 354448 [Sanster IOPaint 1.5.3 File Manager file_manager.py _get_file filename Travessia de Diretório] |
|---|
| Pontos | 20 |
|---|