CVE-2026-30279

HIGH

My Location Travel Timeline 11.80 - File Overwrite

Title source: llm

Description

An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

References (4)

Core 4

Core References

http://my.com

https://secsys.fudan.edu.cn/

https://lightapp3.firebaseapp.com/

https://github.com/Secsys-FDU/AF_CVEs/issues/28

Scores

CVSS v3 8.4

EPSS 0.0017

EPSS Percentile 6.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (1)

squareapps/my_location 11.80

Published Mar 31, 2026

Tracked Since Mar 31, 2026