cve/CVE-2022-25297.md at 43553e9af13bbdba84028635c21659dede3160a7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder.

POC

Reference

https://snyk.io/vuln/SNYK-UNMANAGED-DROGONFRAMEWORKDROGON-2407243

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/CVEDB/Poc-Git
https://github.com/CVEDB/cve
https://github.com/Kirill89/Kirill89
https://github.com/SkyBelll/CVE-PoC
https://github.com/jaeminLeee/cve
https://github.com/trickest/cve
https://github.com/w3security/PoCVE

1.0 KiB Raw Blame History

CVE-2022-25297

Description

POC

Reference

Github

1.0 KiB

Raw Blame History