CVE-2026-49133— typemill 路径遍历漏洞

Typemill < 2.24.0 Path Traversal via ControllerApiImage::getPagemedia()

Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary files outside the content directory by supplying traversal sequences in the path query parameter passed to Storage::getFile() with an empty folder argument. Attackers can bypass traversal-prevention controls in Storage::getFolderPath() to access sensitive files.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

对路径名的限制不恰当(路径遍历)

typemill 路径遍历漏洞

Typemill是Typemill个人开发者开源的一款适用于微出版商的轻量级平面文件 cms。 Typemill 2.24.0之前版本存在路径遍历漏洞，该漏洞源于路径遍历，可能导致经过身份验证的Author级攻击者通过向Storage::getFile()传递空文件夹参数并提供路径遍历序列，读取内容目录之外的任意文件。

N/A

N/A