Submit #602374: xiaoyunjie openvpn-cms-flask 1.2.7 Arbitrary File Writeinfo

Titlexiaoyunjie openvpn-cms-flask 1.2.7 Arbitrary File Write
DescriptionThere is an unauthenticated arbitrary file upload vulnerability with path traversal capability exists in the upload_to_local endpoint (app/plugins/oss/app/controller.py), allowing attackers to upload arbitrary file into the server. Details can be found in https://github.com/xiaoyunjie/openvpn-cms-flask/issues/23.
Source⚠️ https://github.com/xiaoyunjie/openvpn-cms-flask/issues/23
User
 Tritium (UID 50779)
Submission06/22/2025 16:26 (10 months ago)
Moderation06/27/2025 13:03 (5 days later)
StatusAccepted
VulDB entry314092 [xiaoyunjie openvpn-cms-flask up to 1.2.7 File Upload controller.py upload image path traversal]
Points19

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!