Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Chyrp Lite has a Path Traversal to Remote Code Execution
Vulnerability Description
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download any file on the server, including config.json.php with database credentials and overwrite critical system files, leading to remote code execution. This vulnerability is fixed in 2026.01.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
chyrp-lite 代码问题漏洞
Vulnerability Description
chyrp-lite是Daniel Pimley个人开发者的一个自托管的博客与网站发布平台。 chyrp-lite 2026.01之前版本存在代码问题漏洞,该漏洞源于管理控制台存在路径遍历,可能导致任意文件下载或远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A