
20762 matches found

Vulnrichment
added 2026/03/21 3:30 p.m. | 2 views

CVE-2019-25579 phpTransformer 2016.9 Directory Traversal via jQueryFileUpload

phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to the jQueryFileUploadmaster server endpoint with traversal sequences ../../../../../../ to list and...

CVSS 8.7 | AI score 5.9 | EPSS 0.0109
Exploits: 1 | References: 4

ATTACKERKB
added 2026/03/21 3:30 p.m. | 6 views

CVE-2019-25579

phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to the jQueryFileUploadmaster server endpoint with traversal sequences ../../../../../../ to list and...

CVSS 8.7 | AI score 5.9 | EPSS 0.0109
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/03/21 3:30 p.m. | 31 views

CVE-2019-25577 SeoToaster Ecommerce 3.0.0 Local File Inclusion via backend_theme

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backend_theme/editcss/ or /backend/backend_theme/editjs/ with...

CVSS 6.8 | EPSS 0.0088
Exploits: 1 | References: 4

ATTACKERKB
added 2026/03/21 3:30 p.m. | 3 views

CVE-2019-25577

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backend_theme/editcss/ or /backend/backend_theme/editjs/ with...

CVSS 6.8 | AI score 6 | EPSS 0.0088
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/03/21 3:30 p.m. | 2 views

CVE-2019-25577 SeoToaster Ecommerce 3.0.0 Local File Inclusion via backend_theme

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backend_theme/editcss/ or /backend/backend_theme/editjs/ with...

CVSS 6.8 | AI score 6 | EPSS 0.0088
Exploits: 1 | References: 4

CVE
added 2026/03/21 3:30 p.m. | 5 views

CVE-2019-25577

SeoToaster Ecommerce 3.0.0 has a local file inclusion vulnerability that lets authenticated attackers read arbitrary files by manipulating path parameters in backend_theme endpoints. Specifically, POST requests to /backend/backend_theme/editcss/ or /backend/backend_theme/editjs/ with directory tr...

CVSS 6.8 | AI score 6 | EPSS 0.0088
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2026/03/21 3:30 p.m. | 9 views

CVE-2019-25574

CVE-2019-25574 affects Green CMS 2.x. The vulnerability is a path traversal flaw that enables authenticated attackers to download arbitrary files or directories. Attackers can exploit the themeexporthandle action by injecting directory traversal sequences into the theme_name parameter, or use bas...

CVSS 7.1 | AI score 5.9 | EPSS 0.01101
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/03/21 3:30 p.m. | 4 views

CVE-2019-25574 Green CMS 2.x Path Traversal Arbitrary File Download

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply base64-encoded file paths to...

CVSS 7.1 | AI score 5.9 | EPSS 0.01101
Exploits: 1 | References: 4

ATTACKERKB
added 2026/03/21 3:30 p.m. | 2 views

CVE-2019-25574

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply base64-encoded file paths to...

CVSS 7.1 | AI score 5.9 | EPSS 0.01101
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/03/21 3:30 p.m. | 26 views

CVE-2019-25574 Green CMS 2.x Path Traversal Arbitrary File Download

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply base64-encoded file paths to...

CVSS 7.1 | EPSS 0.01101
Exploits: 1 | References: 4

EUVD
added 2026/03/21 6:30 a.m. | 4 views

EUVD-2025-208918

The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitization in the 'createManageFeedPage' function. This makes it possible for authenticated...

CVSS 8.1 | AI score 5.9 | EPSS 0.00173
Exploits: 0 | References: 3

NVD
added 2026/03/21 4:16 a.m. | 4 views

CVE-2025-14037

The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitization in the 'createManageFeedPage' function. This makes it possible for authenticated...

CVSS 8.1 | EPSS 0.00173
Exploits: 0 | References: 2

CVE
added 2026/03/21 3:26 a.m. | 9 views

CVE-2025-14037

The CVE concerns the Invelity Product Feeds plugin for WordPress (≤ v1.2.6). The root cause is missing validation and sanitization in the createManageFeedPage function, enabling an authenticated administrator to delete arbitrary files on the server via path traversal in specially crafted requests...

CVSS 8.1 | AI score 5.9 | EPSS 0.00173
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/21 3:26 a.m. | 2 views

CVE-2025-14037 Invelity Products Feeds <= 1.2.6 - Cross-Site Request Forgery to Arbitrary File Deletion

The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitization in the 'createManageFeedPage' function. This makes it possible for authenticated...

CVSS 8.1 | AI score 5.9 | EPSS 0.00173
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/21 3:26 a.m. | 1 view

CVE-2025-14037

The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitization in the 'createManageFeedPage' function. This makes it possible for authenticated...

CVSS 8.1 | AI score 5.9 | EPSS 0.00173
Exploits: 0 | References: 3

Cvelist
added 2026/03/21 3:26 a.m. | 28 views

CVE-2025-14037 Invelity Products Feeds <= 1.2.6 - Cross-Site Request Forgery to Arbitrary File Deletion

The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitization in the 'createManageFeedPage' function. This makes it possible for authenticated...

CVSS 8.1 | EPSS 0.00173
Exploits: 0 | References: 2

Snyk
added 2026/03/21 12:40 a.m. | 1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal due to using Path.resolve function without normalizing the path or checking if the resulting file remains within the intended results directory. An attacker can access sensitive files on the host system by crafting a...

CVSS 9.2 | AI score 6.5 | EPSS 0.00539
Exploits: 1 | References: 2

Snyk
added 2026/03/21 12:39 a.m. | 1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via insufficient validation of the subDir parameter in volume identifiers. An attacker can cause unintended directories on the NFS server to be deleted or modified by crafting volume identifiers containing path...

CVSS 7 | AI score 6.7 | EPSS 0.00539
Exploits: 0 | References: 2

EUVD
added 2026/03/21 12:31 a.m. | 2 views

EUVD-2026-13831

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...

CVSS 6.5 | AI score 5.8 | EPSS 0.00539
Exploits: 0 | References: 4

OSV
added 2026/03/21 12:31 a.m. | 3 views

GHSA-2MJQ-54QG-7W6J NFS CSI driver for Kubernetes is Vulnerable to Path Traversal through Volume Identifier Parameter

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...

CVSS 6.5 | AI score 6 | EPSS 0.00539
Exploits: 0 | References: 6