CVE-2025-55476

Medium CVSS: 6.5

FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject arbitrary SQL subqueries.

Vendor

Shaneisrael

Product

Fireshare

CWE

CWE-89

Yayın Tarihi

2025-09-02 18:15:35

Güncelleme

2025-09-05 18:10:09

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Fireshare MEDIUM Shaneisrael 2025

Referanslar

https://cyber-ducky.com/blind-sql-injection-in-fireshare-found-in-an-api-sort-parameter/ https://github.com/ShaneIsrael/fireshare/issues/311 https://github.com/ShaneIsrael/fireshare/releases/tag/v1.2.26

Benzer Kayıtlar

Critical

CVE-2026-34745

Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied…

High

CVE-2026-33645

Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerabilit…

Critical

CVE-2025-67728

Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unau…