| Название | Sanster IOPaint 1.5.3 Path Traversal - Arbitrary File Read |
|---|
| Описание | The File Manager component in IOPaint contains a path traversal vulnerability in the _get_file() method. The filename parameter received from user HTTP query strings is directly concatenated with a base directory path using Python's Path / operator without any sanitization or validation. This allows an attacker to use ../ sequences to escape the intended directory and read arbitrary files on the server. |
|---|
| Источник | ⚠️ https://github.com/August829/CVEP/issues/11 |
|---|
| Пользователь | Yu_Bao (UID 89348) |
|---|
| Представление | 16.03.2026 06:56 (22 дни назад) |
|---|
| Модерация | 31.03.2026 18:20 (15 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 354448 [Sanster IOPaint 1.5.3 File Manager file_manager.py _get_file filename обход каталога] |
|---|
| Баллы | 20 |
|---|