PinkDraconian

3 exploits, active since Oct 2021
CVE-2021-39433 NOMISEC HIGH WORKING POC
biqsdrive < 1.83 - Local File Inclusion via Download Endpoint File Parameter
A local file inclusion (LFI) vulnerability exists in BIQS IT Biqs-drive v1.83 and below when a specific payload is sent as the file parameter to download/index.php. This allows an attacker to read arbitrary files from the server with the permissions of the configured web-user.
5 stars
CVSS 7.5
CVE-2021-39433 WRITEUP HIGH WORKING POC
biqsdrive < 1.83 - Local File Inclusion via Download Endpoint File Parameter
A local file inclusion (LFI) vulnerability exists in BIQS IT Biqs-drive v1.83 and below when a specific payload is sent as the file parameter to download/index.php. This allows an attacker to read arbitrary files from the server with the permissions of the configured web-user.
CVSS 7.5
CVE-2024-28088 WRITEUP HIGH WORKING POC
langchain < 0.1.12 and langchain-core < 0.1.30 - Path Traversal via load_chain Path Parameter
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)
CVSS 8.1