CVE-2025-27092 | cmu-sei GHOSTS prior 8.2.7.90 /api/npcs/{id}/photo photoLink path traversal (GHSA-qr67-m6w9-wj3j)

Inserito da Angelo Barbosa | Feb 20, 2025 | CVE

A vulnerability classified as critical has been found in cmu-sei GHOSTS. This affects an unknown part of the file /api/npcs/{id}/photo. The manipulation of the argument photoLink leads to path traversal.

This vulnerability is uniquely identified as CVE-2025-27092. The attack can only be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-27092 | cmu-sei GHOSTS prior 8.2.7.90 /api/npcs/{id}/photo photoLink path traversal (GHSA-qr67-m6w9-wj3j)

Post correlati

CVE-2025-1859 | PHPGurukul News Portal 4.1 /login.php id sql injection

CVE-2024-10431 | Codezips Pet Shop Management System 1.0 /deletebird.php t1 sql injection

CVE-2024-42469 | openhab-webui up to 4.2.0 path traversal (GHSA-f729-58×4-gqgf)

CVE-2024-45797 | OISF libhtp up to 0.5.48 HTTP Protocol Parser allocation of resources (ID 7191)