Force Download Security Vulnerabilities

CVE-2022-39023

U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system...

CVE-2022-39022

U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system...

CVE-2022-0953

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode...

CVE-2007-5732

Directory traversal vulnerability in downloadfile.php in eLouai's Force Download of media files script, as available on 20071030 and earlier, allows remote attackers to read arbitrary files via the file parameter. NOTE: this issue only occurs in environments where the system administrator has not.....