CVE-2024-39303

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-73
View all →

Vulnerability Description

Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects.

Related Vulnerabilities

CVE-2025-24054

MEDIUM
CVSS:5.4(Medium)

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

CWE-732025

CVE-2024-0849

MEDIUM
CVSS:5.5(Medium)

Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.

CWE-732024

CVE-2025-0202

MEDIUM
CVSS:5.5(Medium)

A vulnerability was found in TCS BaNCS 10. It has been classified as problematic. This affects an unknown part of the file /REPORTS/REPORTS_SHOW_FILE.jsp. The manipulation of the argument FilePath lea...

CWE-732025

CVE-2022-2400

MEDIUM
CVSS:5.3(Medium)

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.

CWE-732022

CVE-2022-34765

MEDIUM
CVSS:5.3(Medium)

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: ...

CWE-732022

CVE-2022-45213

MEDIUM
CVSS:5.3(Medium)

perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.

CWE-732022