CNNVD-202601-1459 Information
CNNVD ID
CNNVD-202601-1459
Related CVE
- CNNVD Published: 2026-01-08
Description (Chinese)
Snuffleupagus是Julien Voisin个人开发者的一个安全模块。 Snuffleupagus 0.13.0之前版本存在安全漏洞,该漏洞源于上传验证功能配置不当,可能导致多部分POST请求中的文件被评估为PHP代码。
Description (English)
Snuffleupugus is a safe module for Julien Voisin personal developers. There was a security loophole in the pre-Snuffleupugus 01.13.0 that resulted from the inappropriate configuration of the upload authentication function, which could result in multiple POST requests for documents being assessed as PHP codes.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2026-01-08
Last Modified
2026-02-24
References
https://github.com/jvoisin/snuffleupagus/blob/v0.12.0/scripts/upload_validation.php https://github.com/jvoisin/snuffleupagus/blob/v0.12.0/scripts/upload_validation.py https://github.com/php/php-src/blob/e4098da58a9eaee759d728d98a27d809cde37671/ext/standard/dl.c#L165-L166 https://github.com/jvoisin/snuffleupagus/commit/9278dc77bab2a219e770a1b31dd6797bc9070e37 https://github.com/php/php-src/blob/e4098da58a9eaee759d728d98a27d809cde37671/main/rfc1867.c#L1269-L1274 https://snuffleupagus.readthedocs.io/config.html#upload-validation https://github.com/jvoisin/snuffleupagus/blob/9278dc77bab2a219e770a1b31dd6797bc9070e37/src/sp_upload_validation.c#L92-L100 https://github.com/jvoisin/snuffleupagus/security/advisories/GHSA-c4ch-xw5p-2mvc https://access.redhat.com/security/cve/cve-2026-22034
Patch
https://github.com/jvoisin/snuffleupagus/releases
Share on: