vabene1111

9 exploits Active since Jun 2022
CVE-2026-25964 WRITEUP MEDIUM WRITEUP
Tandoor Recipes <2.5.1 - Path Traversal
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This vulnerability stems from a lack of input validation in the file_path parameter and insufficient checks in the Local storage backend, enabling an attacker to bypass storage directory restrictions and access sensitive system files (e.g., /etc/passwd) or application configuration files (e.g., settings.py), potentially leading to full system compromise. This vulnerability is fixed in 2.5.1.
CVSS 4.9
CVE-2026-25991 WRITEUP HIGH WRITEUP
Tandoor Recipes < 2.5.1 - Authenticated Blind Server-Side Request Forgery via Cookmate Recipe Import
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The application fails to validate the destination URL after following HTTP redirects, allowing any authenticated user (including standard users without administrative privileges) to force the server to connect to arbitrary internal or external resources. The vulnerability lies in cookbook/integration/cookmate.py, within the Cookmate integration class. This vulnerability can be leveraged to scan internal network ports, access cloud instance metadata (e.g., AWS/GCP Metadata Service), or disclose the server's real IP address. This vulnerability is fixed in 2.5.1.
CVSS 7.7
CVE-2022-23071 WRITEUP MEDIUM WRITEUP
Tandoor Recipes 0.9.1-1.2.5 - Server-Side Request Forgery via Import Recipe Functionality
In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information.
CVSS 6.5
CVE-2022-23072 WRITEUP WRITEUP
Tandoor Recipes 1.0.5-1.2.5 - Stored Cross-Site Scripting via Food Name Parameter
In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in “Add to Cart” functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the Add to Shopping Cart icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.
CVE-2022-23073 WRITEUP WRITEUP
Tandoor Recipes 1.0.5-1.2.5 - Stored Cross-Site Scripting via Food Name Parameter in Copy to Clipboard
In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the clipboard icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.
CVE-2022-23074 WRITEUP WRITEUP
Tandoor Recipes 0.17.0-1.2.5 - Stored Cross-Site Scripting in Keyword/Food/Unit Name Field
In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the ‘Name’ field of Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.
CVE-2025-23211 WRITEUP CRITICAL WRITEUP
Tandoor Recipes < 1.5.24 - Authenticated Server-Side Template Injection via Jinja2
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.
CVSS 9.9
CVE-2025-23212 WRITEUP HIGH WRITEUP
Tandoor Recipes < 1.5.28 - Unauthenticated Sensitive Information Exposure via External Storage Feature
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28.
CVSS 7.7
CVE-2025-23213 WRITEUP HIGH WRITEUP
Tandoor Recipes < 1.5.28 - Unrestricted Upload of Dangerous File Types
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28.
CVSS 8.7