BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-05-05T12:25:43
Updated: 2024-08-03T22:02:51.544Z
Reserved: 2021-03-26T00:00:00
Link: CVE-2021-29246
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-05-05T13:15:07.650
Modified: 2024-11-21T06:00:52.507
Link: CVE-2021-29246
Redhat
No data.