Vulnerabilities > Civetweb Project

DATE CVE VULNERABILITY TITLE RISK
2021-10-21 CVE-2020-27304 Path Traversal vulnerability in multiple products
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API.
network
low complexity
civetweb-project siemens CWE-22
critical
9.8
2018-06-22 CVE-2018-12684 Out-of-bounds Read vulnerability in Civetweb Project Civetweb
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
local
low complexity
civetweb-project CWE-125
7.1