CVE-2025-32371

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that t...

CVE-2025-32371

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that t...

User Interface (UI) Misrepresentation of Critical Information

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to User Interface UI Misrepresentation of Critical Information in the GenerateImage function, which does not sanitize URL text. An...

CVE-2025-32371 Unexpected external content may be displayed in DNN ImageHandler

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that t...

CVE-2025-32371 Unexpected external content may be displayed in DNN ImageHandler

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that t...

PT-2025-15703 · Dnn · Dnn

Name of the Vulnerable Software and Affected Versions: DNN versions prior to 9.13.4 Description: The issue allows manipulation of a URL for the ImageHandler to render text from a querystring parameter. This text would be displayed in the resulting image, potentially deceiving users who trust the...

CVE-2020-10212

upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...

CVE-2020-10212

upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...

CVE-2018-20789

tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths0 path traversal mitigation bypass through the deletefolder action in execute.php...

CVE-2018-20792

tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the getfile action in ajaxcalls.php...

CVE-2018-20790

tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths0 path traversal mitigation bypass through the deletefile action in execute.php...

CVE-2018-20795

tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copycut action in ajaxcalls.php and the pasteclipboard action in execute.php...

Path traversal

tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the getfile action in ajaxcalls.php...

CVE-2018-20795

tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copycut action in ajaxcalls.php and the pasteclipboard action in execute.php...

CVE-2018-20790

The CVE-2018-20790 entry affects tecrail Responsive FileManager 9.13.4. A path traversal vulnerability exists in the delete_file action within execute.php, where a paths[0] traversal mitigation can be bypassed, enabling remote attackers to delete arbitrary files. This is initiated via the delete_...

CVE-2018-20793

The CVE-2018-20793 entry concerns tecrail Responsive FileManager version 9.13.4. A path traversal mitigation bypass in the create_file action of execute.php allows remote attackers to write arbitrary files, due to improper handling of paths[0]. This is a remote, unauthenticated vulnerability with...

CVE-2018-20792

tecrail Responsive FileManager 9.13.4 contains a path traversal vulnerability in ajax_calls.php (get_file action). Insufficient sanitization of directory traversal characters allows remote attackers to read arbitrary files. The issue is documented across multiple sources (NVD/CVE entries and vend...

tecrail Responsive FileManager path traversal vulnerability (CNVD-2019-12903)

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A path traversal vulnerability exists in tecrail Responsive FileManager version 9.13.4. A remote attacke...

tecrail Responsive FileManager path traversal vulnerability (CNVD-2019-12898)

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A path traversal vulnerability exists in the 'deletefile' function of the execute.php file in version...

tecrail Responsive FileManager path traversal vulnerability (CNVD-2019-12902)

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A path traversal vulnerability exists in the 'saveimg' function of the ajaxcalls.php file in version...