PT-2026-39724 · Tookie · Tookie
CVSS v4.0
6.7
Medium
| Vector | AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Tookie versions prior to 4.1fix
Description
An issue exists in the
modules/modules.py file where the write txt(), write csv(), write json(), and scan file() helper functions open output files using the open(f"{user}.<ext>") method. The user variable, which is sourced from the -u CLI flag or a -U usernames file, is not sanitized. A username containing path-separator sequences such as .., /, ``, or an absolute path allows the tool to write scan output to any arbitrary path where the invoking user has write permissions.Recommendations
Update to version 4.1fix.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tookie