Description
The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to upload arbitrary files by placing a %00 sequence after a dangerous extension, as demonstrated by a .html%00.txt file.
References (1)
Core 1
Core References
Exploit x_refsource_misc
http://www.madirish.net/559
Scores
EPSS
0.0101
EPSS Percentile
58.9%
Details
CWE
CWE-20
Status
published
Products (1)
ithoughts/ithoughtshd
4.19
Published
Mar 26, 2014
Tracked Since
Feb 18, 2026