| Title | SCADA-LTS Project Scada-LTS <= commit 1cfaed4b35117e4871bc3dfeae073f61d8e3bb3d Path traversal / Zip Slip leading to arbitrary file write |
|---|
| Description | Scada-LTS before commit 1cfaed4b35117e4871bc3dfeae073f61d8e3bb3d is vulnerable to a Zip Slip path traversal in the project import feature. Crafted archive entries with directory traversal sequences are written outside the intended uploads/graphics folders, allowing arbitrary file overwrite under Common.getHomeDir(). |
|---|
| Source | ⚠️ https://github.com/Xzzz111/exps/blob/main/archives/Scada-LTS-ZipSlip-1/report.md |
|---|
| User | sh7err02 (UID 92378) |
|---|
| Submission | 11/07/2025 08:43 (8 months ago) |
|---|
| Moderation | 11/29/2025 21:33 (23 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 333795 [Scada-LTS up to 2.7.8.1 Project Import ZIPProjectManager.java Common.getHomeDir path traversal] |
|---|
| Points | 19 |
|---|