exploitDog

CVE-2025-56869

Опубликовано: 19 сент. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and FilesManager.compress function in backend/src/applications/files/services/files-manager.service.ts.

Ссылки

https://github.com/Sync-in/server
Product
https://github.com/Sync-in/server/releases/tag/v1.2.0
Release Notes
https://sync-in.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sync-in:sync-in_server:*:*:*:*:*:*:*:*

Версия до 1.1.1 (включая)

EPSS

Процентиль: 39%

0.00176

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-xh7h-h275-6q2f

CVSS3: 5.3

github

5 месяцев назад

Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and FilesManager.compress function in backend/src/applications/files/services/files-manager.service.ts.

EPSS

Процентиль: 39%

0.00176

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-22