2037 matches found

Vulnrichment
added 2024/12/05 12:54 p.m. · 13 views

CVE-2024-51549 Absolute Path Traversal

Absolute File Traversal vulnerabilities allow access to and modification of unintended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...

CVSS 10 · AI score 7.2 · EPSS 0.00297
Exploits: 0 · References: 1

CNNVD
added 2024/11/29 12:00 a.m. · 3 views

OpenSolution Quick CMS security vulnerability

OpenSolution Quick CMS is a free content management system from the OpenSolution organization. A security vulnerability exists in OpenSolution Quick CMS version 6.7 that stems from improper validation of user-supplied input, absolute path traversal, and allows an attacker to delete files stored o...

CVSS 9.1 · AI score 6.6 · EPSS 0.00209
Exploits: 0 · References: 1

NVD
added 2024/11/14 6:15 p.m. · 14 views

CVE-2024-52378

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64 DigiPass digipass allows Absolute Path Traversal. This issue affects DigiPass: from n/a through <= 0.3.0...

CVSS 7.5 · EPSS 0.01288
Exploits: 0 · References: 1

OSV
added 2024/11/14 2:15 p.m. · 1 view

CVE-2024-11215

Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only...

CVSS 6.5 · AI score 5.8 · EPSS 0.00148
Exploits: 0 · References: 1

Cvelist
added 2024/11/14 1:37 p.m. · 10 views

CVE-2024-11215 Path traversal vulnerability in EasyPHP

Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only...

CVSS 6.5 · EPSS 0.00148
Exploits: 0 · References: 1

CNNVD
added 2024/11/14 12:00 a.m. · 1 view

EasyPHP Webserver path traversal vulnerability

EasyPHP Webserver is an EasyPHP open source platform for building development environments. A path traversal vulnerability exists in EasyPHP Webserver version 14.1, which stems from absolute path traversal in the web server...

CVSS 6.5 · AI score 6.8 · EPSS 0.00148
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/14 12:00 a.m. · 2 views

PT-2024-16833

Name of the Vulnerable Software and Affected Versions: EasyPHP version 14.1. Description: The issue is an absolute path traversal vulnerability, which could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server. This is achieved by setting consecutive...

CVSS 6.5 · AI score 7.1 · EPSS 0.00148
Exploits: 0 · References: 8

Positive Technologies
added 2024/11/14 12:00 a.m. · 2 views

PT-2024-35215 · Labs64 · Digipass

Name of the Vulnerable Software and Affected Versions: DigiPass versions 0.3.0 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows Absolute Path Traversal in Labs64 DigiPass. Recommendations:...

CVSS 7.5 · AI score 9.3 · EPSS 0.01288
Exploits: 0 · References: 4

Positive Technologies
added 2024/11/13 12:00 a.m. · 3 views

PT-2024-35159 · Craft · Craft

Name of the Vulnerable Software and Affected Versions: Craft versions prior to 4.12.2 and 5.4.3 Description: The issue is related to a missing normalizePath in the FileHelper::absolutePath function, which could lead to Remote Code Execution on the server via twig Server Side Template Injection...

CVSS 9 · AI score 7.5 · EPSS 0.21994
Exploits: 1 · References: 14

Positive Technologies
added 2024/11/06 12:00 a.m. · 4 views

PT-2024-34873 · Unknown · Symfony PHP Framework

Name of the Vulnerable Software and Affected Versions: Symfony PHP framework versions prior to 5.4.46; Symfony PHP framework versions prior to 6.4.14; Symfony PHP framework versions prior to 7.1.7. Description: The Symfony process module in the Symfony PHP framework executes commands in...

CVSS 8.6 · AI score 7.2 · EPSS 0.00783
Exploits: 0 · References: 15

OSV
added 2024/10/29 1:15 p.m. · 11 views

CVE-2024-7962

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...

CVSS 7.5 · AI score 6.6
Exploits: 0 · References: 2

NVD
added 2024/10/29 1:15 p.m. · 7 views

CVE-2024-7962

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...

CVSS 7.5 · EPSS 0.00407
Exploits: 1 · References: 2

PyPA
added 2024/10/29 1:15 p.m. · 4 views

PYSEC-2024-112

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...

CVSS 7.5 · AI score 7 · EPSS 0.00407
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2024/10/29 1:15 p.m. · 12 views

PYSEC-2024-112

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...

CVSS 7.5 · AI score 6.6 · EPSS 0.00407
Exploits: 1 · References: 2

Vulnrichment
added 2024/10/29 12:47 p.m. · 15 views

CVE-2024-7962 Arbitrary File Read via Insufficient Validation in gaizhenbiao/chuanhuchatgpt

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...

CVSS 7.5 · AI score 6.9 · EPSS 0.00407
Exploits: 1 · References: 2

CVE
added 2024/10/29 12:47 p.m. · 45 views

CVE-2024-7962

The CVE-2024-7962 issue affects gaizhenbiao/chuanhuchatgpt version 20240628, described as an arbitrary file read vulnerability caused by insufficient validation when loading prompt template files. An attacker can read files via an absolute path if the target file meets criteria (not ending in .js...

CVSS 7.5 · AI score 7.4 · EPSS 0.00407
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2024/10/29 12:47 p.m. · 17 views

CVE-2024-7962 Arbitrary File Read via Insufficient Validation in gaizhenbiao/chuanhuchatgpt

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...

CVSS 7.5 · EPSS 0.00407
Exploits: 1 · References: 2

Snyk
added 2024/10/07 3:58 p.m. · 2 views

Absolute Path Traversal

Overview: Affected versions of this package are vulnerable to Absolute Path Traversal via the HTML writer process when embedding images. An attacker can read arbitrary files on the server and perform arbitrary HTTP GET requests by constructing an XLSX file that links images from arbitrary paths or...

CVSS 8.8 · AI score 6.9 · EPSS 0.0089
Exploits: 1 · References: 2

GitHub Security Blog
added 2024/10/07 3:58 p.m. · 23 views

PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled

Summary: It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with $writer->setEmbedImages(true); those files will be included in the output as data: URLs, regardless of the file's type. Also URLs can be...

CVSS 8.8 · AI score 7.8 · EPSS 0.0089
Exploits: 1 · References: 6 · Affected Software: 2

Snyk
added 2024/10/07 3:57 p.m. · 1 view

Absolute Path Traversal

Overview: Affected versions of this package are vulnerable to Absolute Path Traversal via the setPath method. An attacker can access or leak sensitive information by constructing a malicious XLSX file that manipulates the path to external or internal resources, exploiting the file reading mechanis...

CVSS 8.3 · AI score 6.6 · EPSS 0.00305
Exploits: 1 · References: 2