Improper input validation in Evbee Dc-80

CVE-2026-22102

A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial o…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

Affected products

Weakness classification (CWE)

References