Description
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.
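The bug class described above, shown as an added example that is not CherryPy's own code: a file-backed session store that joins the cookie's session id into a path, next to a hardened version. The function names, the `session-` prefix and the 40-hex-character id format are assumptions made for illustration.

```python
import os
import re

# Hypothetical names for illustration; this is not CherryPy's code.
SESSION_PREFIX = "session-"
# Assumption: the server only ever issues ids of 40 lowercase hex characters.
VALID_ID = re.compile(r"\A[0-9a-f]{40}\Z")


def unsafe_session_path(storage_dir, session_id):
    """Weak pattern: the cookie value goes straight into the file path."""
    return os.path.normpath(
        os.path.join(storage_dir, SESSION_PREFIX + session_id))


def escapes(storage_dir, path):
    """True if path resolves to a location outside storage_dir."""
    root = os.path.realpath(storage_dir)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def safe_session_path(storage_dir, session_id):
    """Hardened pattern: validate the id format, then confirm containment."""
    if not VALID_ID.match(session_id):
        raise ValueError("invalid session id")
    root = os.path.realpath(storage_dir)
    path = os.path.realpath(os.path.join(root, SESSION_PREFIX + session_id))
    # Second layer: symlinks or a loosened id format must not escape the root.
    if os.path.commonpath([root, path]) != root:
        raise ValueError("session path escapes storage directory")
    return path


if __name__ == "__main__":
    storage = "/srv/app/sessions"            # constructed sample directory
    samples = ["a3" * 20,                    # constructed well-formed id
               "x/../../outside.txt"]        # constructed id with path parts
    for sid in samples:
        weak = unsafe_session_path(storage, sid)
        try:
            verdict = "accepted: " + safe_session_path(storage, sid)
        except ValueError as exc:
            verdict = "rejected: " + str(exc)
        print(f"{sid!r}\n  unsafe -> {weak} (escapes={escapes(storage, weak)})"
              f"\n  safe   -> {verdict}")
```

Rejecting the request before any file is opened, locked or deleted matters here, since the description lists file creation and deletion as the primary impact.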
Remediation
References