mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
764 B
764 B
CVE-2019-14452
Description
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
POC
Reference
- https://github.com/Sigil-Ebook/flightcrew/issues/52#issuecomment-505967936
- https://github.com/Sigil-Ebook/flightcrew/issues/52#issuecomment-505997355
Github
No PoCs found on GitHub currently.