Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.0 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| roothub | roothub | 2.6.0 |
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| roothub | roothub | 2.5.0 |
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| roothub | roothub | 2.6.0 |
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| roothub | roothub | 2.6.0 |
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function..
Products Affected
| Vendor | Product | Version |
|---|---|---|
| roothub | roothub | 2.6.0 |
A vulnerability was found in Roothub up to 2.6. It has been declared as problematic. Affected by this vulnerability is the function Edit of the file src/main/java/cn/roothub/web/admin/SystemConfigAdminController.java. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 3.5 | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | 2.1 | 1.4 |
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-94,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| roothub | roothub | * |