← Back

Civetweb Project

civetweb_project

4 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Civetweb
civetweb
4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-5789
1Civetweb Project
1Civetweb
Apr 22, 2026
Apr 21, 2026
8.5 HIGH· v4
7.8 HIGH· v3
N/A· v2
Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is s...Show more
Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\Program Files\CivetWeb\CivetWeb.exe --), due to the absence of quotes in the service configuration.Show less
CVE-2025-55763
1Civetweb Project
1Civetweb
Sep 9, 2025
Aug 29, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and...Show more
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of service or arbitrary code execution.Show less
CVE-2020-27304
2Civetweb Project
Siemens
2Civetweb
Sinec Infrastructure Network Services
Nov 21, 2024
Oct 21, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications...Show more
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversalShow less
CVE-2018-12684
1Civetweb Project
1Civetweb
Nov 21, 2024
Jun 22, 2018
N/A· v4
7.1 HIGH· v3
5.8 MEDIUM· v2
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.