CVE-2026-45233: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in danpros htmly
HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences directly to file_exists() and rename() functions in admin.php without canonicalization or directory boundary enforcement to cause unintended relocation of any file writable by the web server process to an attacker-specified draft location.
AI Analysis
Technical Summary
CVE-2026-45233 is a path traversal vulnerability affecting HTMLy CMS through version 3.1.1. Authenticated users with low privileges can exploit this by providing directory traversal sequences in the oldfile parameter at the admin autosave endpoint. The application fails to sanitize these inputs before passing them to file_exists() and rename() in admin.php, allowing attackers to relocate any file writable by the web server to an attacker-controlled draft location. This improper limitation of pathname to a restricted directory can lead to unauthorized file manipulation.
Potential Impact
An attacker with low privileges can move arbitrary files writable by the web server to locations specified by the attacker, potentially leading to unauthorized file manipulation or disruption of application functionality. This could facilitate further attacks or data integrity issues. There is no indication of remote code execution or privilege escalation beyond file relocation in the provided data.
Mitigation Recommendations
Patch status is not yet confirmed; check the vendor advisory for current remediation guidance. Until a fix is available, restrict write permissions for the web server process to only necessary files and directories. Monitor for unusual file movements and consider limiting access to the admin autosave endpoint to trusted users only.
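The defect described above is the absence of canonicalization and a directory boundary check between the user-supplied oldfile value and the file_exists()/rename() calls. The following is an added example, written for this page and not taken from HTMLy or its vendor fix, of the check a maintainer would place in front of those calls: resolve the candidate path with realpath(), then require the result to sit below the content base directory before any filesystem operation runs. All function names, the base directory layout and the demo files are hypothetical.

```php
<?php
// Added example (not HTMLy's code): confine a user-supplied relative path to a
// base directory before it reaches file_exists()/rename(). Function and
// variable names are hypothetical; requires PHP 7.0 or later.

declare(strict_types=1);

/**
 * Resolve $candidate relative to $baseDir and return its canonical absolute
 * path, or null if it escapes the base directory or cannot be resolved.
 */
function resolveInsideBase(string $baseDir, string $candidate): ?string
{
    // Embedded NUL bytes can truncate paths in C-level filesystem calls.
    if (strpos($candidate, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses ".", ".." and symlinks; it returns false when the
    // target does not exist, so a non-existent path is rejected here as well.
    $real = realpath($base . DIRECTORY_SEPARATOR . $candidate);
    if ($real === false) {
        return null;
    }
    // Boundary check: the resolved path must be the base itself or lie below
    // it. A plain string prefix test without the trailing separator would let
    // "/srv/content-other" pass for base "/srv/content".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($real !== $base && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

/**
 * Move a draft file only when the source file and the destination directory
 * both resolve inside $baseDir. Mirrors the file_exists()/rename() pattern
 * from the advisory with the missing boundary enforcement added.
 */
function moveDraftSafely(string $baseDir, string $oldFile, string $newFile): bool
{
    $src = resolveInsideBase($baseDir, $oldFile);
    if ($src === null || !is_file($src)) {
        return false;
    }
    // The destination usually does not exist yet, so canonicalise its parent
    // directory and keep only a bare file name for the final component.
    $dstDir  = resolveInsideBase($baseDir, dirname($newFile));
    $dstName = basename($newFile);
    if ($dstDir === null || !is_dir($dstDir)
        || $dstName === '' || $dstName === '.' || $dstName === '..') {
        return false;
    }
    return rename($src, $dstDir . DIRECTORY_SEPARATOR . $dstName);
}

// Constructed demo on a throwaway directory: one file inside the content base
// and one outside it, then a legitimate move and a traversal attempt.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'path-demo-' . bin2hex(random_bytes(4));
mkdir($root . '/content/draft', 0700, true);
mkdir($root . '/secret', 0700, true);
file_put_contents($root . '/content/post.md', "# hello\n");
file_put_contents($root . '/secret/config.ini', "key=value\n");

$base = $root . '/content';
var_dump(moveDraftSafely($base, 'post.md', 'draft/post.md'));
var_dump(moveDraftSafely($base, '../secret/config.ini', 'draft/config.ini'));
var_dump(file_exists($root . '/secret/config.ini'));
```

Run with `php example.php`: the in-base move succeeds, the traversal attempt is refused before rename() is reached, and the file outside the base stays where it was. Checking the resolved path rather than filtering "../" substrings is deliberate: realpath() also handles encoded-looking but syntactically valid forms such as `./..//`, symlinks pointing out of the base, and absolute paths, none of which a blocklist catches reliably.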
CVSS v4.0
Score: 7.2 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-05-11T14:14:49.612Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a3d5b504853345fc1337279
Added to database: 06/25/2026, 16:46:08 UTC
Last enriched: 06/25/2026, 17:01:33 UTC
Last updated: 06/25/2026, 20:14:30 UTC