Syspass Special Character Filename Handling Vulnerability Leading to Source Code Disclosure

Vulnerability

A vulnerability exists in the account file upload feature of Syspass versions 3.2.x: special characters in filenames are not properly handled. As a result, the web application's source code can be disclosed, revealing sensitive information such as the database password.

Impact

Exploitation of this vulnerability results in the unauthorized disclosure of the web application's source code, including sensitive information like the database password.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 2.5
exploitability: 6.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.