CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

21 Oct 2021 — The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal. • https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Jun 2018 — Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file. • https://github.com/civetweb/civetweb/commit/8fd069f6dedb064339f1091069ac96f3f8bdb552 • CWE-125: Out-of-bounds Read • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor