The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDeluge Torrent Deluge
APPDeluge-Torrent≤ 1.3.14
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje
Powiązane podatności
CVE-2017-7178HIGH8.8ten sam produkt
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a...
CVE-2019-25585MEDIUM6.9ten sam produkt
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application ...
CVE-2019-25586MEDIUM6.9ten sam produkt
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application ...
CVE-2021-3427MEDIUM6.1ten sam produkt
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not ...