


Perceptive Security
SOC/SIEM Consultancy

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functio…
Published:
28 May 2026 at 22:00:00
Alert date:
29 May 2026 at 17:11:09
Source:
nvd.nist.gov
Cloud & Virtualization, Web Technologies
A command injection vulnerability exists in Dokploy version 0.29.1 and earlier, affecting the Docker file upload functionality. The destinationPath parameter is not properly sanitized and is interpolated directly into shell commands. An authenticated attacker can include shell metacharacters such as semicolons or quotes to escape the intended docker cp command and execute arbitrary OS commands on the Dokploy host system. Dokploy is a self-hostable Platform as a Service (PaaS) solution; exploitation requires authenticated access.
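The pattern described above, shown beside a hardened form, as an added example that is not Dokploy's source code or its actual fix. The function names, the container name `web`, the file paths and the allowlist are assumptions made for illustration.

```javascript
// Added illustration: hypothetical helper names and constructed sample values,
// not Dokploy's source code or its actual fix.

// Vulnerable pattern: destinationPath is pasted into a string that a shell
// (e.g. child_process.exec) will parse, so quotes and semicolons in the value
// change the structure of the command instead of staying inside one argument.
function buildShellCommand(containerId, localFile, destinationPath) {
  return `docker cp "${localFile}" ${containerId}:"${destinationPath}"`;
}

// Hardened pattern: validate against an allowlist, then return an argument
// vector meant for child_process.execFile("docker", argv), which starts the
// process directly with no shell to interpret metacharacters.
function buildDockerCpArgv(containerId, localFile, destinationPath) {
  if (!/^[A-Za-z0-9][A-Za-z0-9_.-]*$/.test(containerId)) {
    throw new Error("invalid container identifier");
  }
  if (typeof destinationPath !== "string" || !destinationPath.startsWith("/")) {
    throw new Error("destinationPath must be an absolute path");
  }
  if (!/^[A-Za-z0-9._\/-]+$/.test(destinationPath)) {
    throw new Error("destinationPath contains characters outside the allowlist");
  }
  if (destinationPath.split("/").includes("..")) {
    throw new Error("destinationPath must not contain '..' segments");
  }
  return ["cp", localFile, `${containerId}:${destinationPath}`];
}

// Constructed inputs: one with a quote and semicolons around a harmless marker
// command, one ordinary absolute path.
const hostilePath = '/tmp/x"; echo INJECTED; "';
const benignPath = "/app/conf/app.yml";

function demo() {
  let rejected = false;
  try { buildDockerCpArgv("web", "/tmp/upload.bin", hostilePath); } catch { rejected = true; }
  return {
    shellString: buildShellCommand("web", "/tmp/upload.bin", hostilePath),
    rejected,
    argv: buildDockerCpArgv("web", "/tmp/upload.bin", benignPath),
  };
}

console.log(demo());
```

In the string form the marker command sits outside the quoted path, so a shell would treat it as a separate command; in the argument-vector form the path is one element that no shell ever parses.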
Technical details
Mitigation steps:
Affected products:
Dokploy
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-45663
https://github.com/Dokploy/dokploy/security/advisories/GHSA-9m66-74x3-5mwr
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
