CVE-2026-3098

The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...

WordPress Smart Slider 3 plugin <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll vulnerability

Authenticated Subscriber+ Arbitrary File Read via actionExportAll vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Smart Slider 3 versions = 3.5.1.33...

CVE-2026-3098

The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...

CVE-2026-3098

The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...

CVE-2026-29098 SuiteCRM has Relative Path Traversal via ModuleBuilder Modules ExportCustom Action

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the actionexportCustom function in modules/ModuleBuilder/controller.php fails to properly neutralize path traversal sequences in the $modules and $name...

IBOS SQL注入漏洞

IBOS is a collaborative office management system. An SQL injection vulnerability exists in IBOS OA version 4.5.5, which stems from the function actionExport in the file ?r=contact/default/export that causes sql injection...

PT-2023-26179 · Ibos Oa · Ibos Oa

Name of the Vulnerable Software and Affected Versions: IBOS OA version 4.5.5 Description: A critical issue was found in the function actionExport of the component Personal Office Address Book, specifically in the file "?r=contact/default/export". This issue leads to SQL injection and can be...

CVE-2020-8889

The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information via action=export because a typo results in a successful comparison of a blank password and NULL...

PT-2023-11949 · Shipstation.Com · Shipstation.Com Plugin

Name of the Vulnerable Software and Affected Versions: ShipStation.com plugin version 1.0 for CS-Cart Description: The issue allows remote attackers to obtain sensitive information due to a typo that results in a successful comparison of a blank password and NULL. This can be achieved via the...

CVE-2022-43333

Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution RCE vulnerability in the component actionexportcontrol.php...

PT-2022-26856 · Telenia Software S.R.L · Tvox

Name of the Vulnerable Software and Affected Versions: Telenia Software s.r.l TVox versions prior to 22.0.17 Description: The issue is related to a remote code execution RCE vulnerability found in the component action export control.php. Recommendations: For versions prior to 22.0.17, update to...