Vulnerabilities > Diyhi > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-28 CVE-2021-43099 Path Traversal vulnerability in Diyhi BBS 5.3
An Archive Extraction (AKA "Zip Slip) vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary upladed zip file without checking filenames.
network
low complexity
diyhi CWE-22
4.9
4.9