Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated Path Traversal Arbitrary File Write in /api/uploadChunked/public
Vulnerability Description
Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file (app/server/fireshare/api.py). An unauthenticated attacker can exploit the checkSum parameter to write arbitrary files with attacker-controlled content to any writable path on the server filesystem. This issue has been patched in version 1.5.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Fireshare 路径遍历漏洞
Vulnerability Description
Fireshare是Shane Israel个人开发者的一个媒体托管软件。 Fireshare 1.5.3之前版本存在路径遍历漏洞,该漏洞源于未经身份验证的/api/uploadChunked/public端点未应用修复,可能导致攻击者向服务器文件系统的任何可写路径写入任意文件。
CVSS Information
N/A
Vulnerability Type
N/A