The Lab · 2026-04-03 21:27:09 · GitHub Issues
A critical path traversal vulnerability in the FinSpark API allows attackers to write arbitrary files anywhere on the server filesystem. The flaw is in the document upload endpoint, where the system blindly trusts the `file.filename` provided by the client. By submitting a filename like `../../etc/cron.d/backdoor`, an ...
The Lab · 2026-04-22 05:22:36 · GitHub Issues
A critical security vulnerability has been identified in the AdonisJS framework's core file upload handler. The `UploadedFile.store()` method, responsible for saving user-uploaded files to disk, lacks fundamental validation checks, creating a direct path for attackers to upload and execute malicious code on a server. W...
The Lab · 2026-04-26 04:54:07 · GitHub Issues
A critical path traversal vulnerability has been remediated in the file upload endpoint at `packages/lib/services/rest/routes/resources.ts`. The flaw, classified as CWE-22, enabled attackers to access or modify arbitrary filesystem locations on the server by exploiting insufficient input validation on file paths during mu...