CVE-2023-40020

PrivateUploader is an open source image hosting server written in Vue and TypeScript. In affected versions app/routes/v3/admin.controller.ts did not correctly verify whether the user was an administrator High Level or moderator Low Level causing the request to continue processing. The response...

CVE-2023-40020 Improper Authentication in PrivateUploader

PrivateUploader is an open source image hosting server written in Vue and TypeScript. In affected versions app/routes/v3/admin.controller.ts did not correctly verify whether the user was an administrator High Level or moderator Low Level causing the request to continue processing. The response...

PrivateUploader License Issue Vulnerability

PrivateUploader is the ultimate open source image uploader and file storage solution. An authorization issue vulnerability exists in versions prior to PrivateUploader 3.2.49, which stems from not properly validating whether a user is an administrator high level or a moderator low level, causing...

CVE-2022-2436

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'filepackagedir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...

WordPress plugin Download Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

PT-2022-16638 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to and including 3.2.49 Description: The issue allows authenticated attackers with contributor privileges and above to deserialize untrusted input via the filepackage dir parameter. This can...