BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-05T12:25:43

Updated: 2024-08-03T22:02:51.544Z

Reserved: 2021-03-26T00:00:00

Link: CVE-2021-29246

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-05-05T13:15:07.650

Modified: 2024-11-21T06:00:52.507

Link: CVE-2021-29246

cve-icon Redhat

No data.