CVE-2025-49008
- EPSS 0.08%
- Published 05.06.2025 00:13:14
- Last modified 05.06.2025 20:12:23
Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows argument injection, leading to arbitrary command execution. ...
CVE-2025-47788
- EPSS 0.1%
- Published 15.05.2025 19:40:58
- Last modified 19.05.2025 15:15:25
Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to execute arbitrary files on the se...
CVE-2025-22152
- EPSS 0.25%
- Published 10.01.2025 16:15:29
- Last modified 10.01.2025 16:15:29
Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilit...
CVE-2002-0244
- EPSS 1.92%
- Published 29.05.2002 04:00:00
- Last modified 03.04.2025 01:03:51
Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir.