What the vulnerability does
01Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through < 4.08.253.
Explanation of Vulnerability in Simple Terms
02Summary
WebinarIgnition versions up to 4.08.253 contain a path traversal vulnerability that allows an authenticated attacker to read, modify, or delete arbitrary files on the server. The vulnerability requires low-level user privileges and network access, but no user interaction. Impact extends beyond the vulnerable component, potentially compromising the entire site.
What an attacker can do
03Attacker Capabilities
Read, modify, or delete arbitrary files on the server.
Potential impact on your site
04Site Impact
An authenticated user can access sensitive files, alter site configuration, or disable the site entirely.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site.
Key dates
06Disclosure timeline
May 27, 2026
CVE published
May 27, 2026
Record updated