CodiMD Vulnerability List
Found 3 vulnerabilities related to CodiMD
- CVE-2024-38353: CodiMD <2.5.4 - Insecure Filename Randomization POC
  CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an attacker can determine the filenames for previously uploaded images and the likelihood of this issue being exploited is increased.
- CVE-2024-38353: CodiMD <2.5.4 - Insecure Filename Randomization POC
  CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an attacker can determine the filenames for previously uploaded images and the likelihood of this issue being exploited is increased.
- codimd-unauth-file-upload: CodiMD - File Upload POC
  CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data, or can create a denial of service condition by exhausting all available disk space.