| 标题 | xiaoyunjie openvpn-cms-flask 1.2.7 Arbitrary File Write |
|---|
| 描述 | There is an unauthenticated arbitrary file upload vulnerability with path traversal capability exists in the upload_to_local endpoint (app/plugins/oss/app/controller.py), allowing attackers to upload arbitrary file into the server.
Details can be found in https://github.com/xiaoyunjie/openvpn-cms-flask/issues/23. |
|---|
| 来源 | ⚠️ https://github.com/xiaoyunjie/openvpn-cms-flask/issues/23 |
|---|
| 用户 | Tritium (UID 50779) |
|---|
| 提交 | 2025-06-22 16時26分 (10 月前) |
|---|
| 管理 | 2025-06-27 13時03分 (5 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 314092 [xiaoyunjie openvpn-cms-flask 直到 1.2.7 File Upload controller.py upload image 目录遍历] |
|---|
| 积分 | 19 |
|---|