Primary

Context

TAGFREE X-Free Uploader Path Traversal Vulnerability Allowing Arbitrary File Download

Vulnerability

A path traversal vulnerability has been identified in TAGFREE X-Free Uploader versions 1.0.1.0084 prior to 1.0.1.0085 and 2.0.1.0034 prior to 2.0.1.0035. This vulnerability arises from inadequate validation of parameter values in the file download feature, allowing for the arbitrary download of files from the server.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server.

Remediation

Users are advised to update to X-Free Uploader version 1.0.1.0085 or 2.0.1.0035. Please check the TAGFREE website for update instructions.

Added: Aug 7, 2025, 2:32 AM

Updated: Aug 7, 2025, 2:32 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TAGFREE X-Free Uploader Path Traversal Vulnerability Allowing Arbitrary File Download

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating