cve/CVE-2023-50264.md at b8bb3913ae5ed6689c69f4d953bda7435b2f2da7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1.

POC

Reference

https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/

Github

No PoCs found on GitHub currently.

964 B Raw Blame History

CVE-2023-50264

Description

POC

Reference

Github

964 B

Raw Blame History