Chyrp Lite has a Path Traversal to Remote Code Execution

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download any file on the server, including config.json.php with database credentials and overwrite critical system files, leading to remote code execution. This vulnerability is fixed in 2026.01.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

对路径名的限制不恰当(路径遍历)

chyrp-lite 代码问题漏洞

chyrp-lite是Daniel Pimley个人开发者的一个自托管的博客与网站发布平台。 chyrp-lite 2026.01之前版本存在代码问题漏洞，该漏洞源于管理控制台存在路径遍历，可能导致任意文件下载或远程代码执行。

N/A

N/A