229 matches found
CVE-2023-26957
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...
CVE-2023-26957
CVE-2023-26957 affects onekeyadmin v1.3.9. The vulnerability exists in the component admin\controller\plugins and allows an arbitrary file deletion . The CVSS data indicates a network-based, unauthenticated, high-severity impact with integrity and availability both affected. No explicit remediati...
CVE-2023-26957
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...
PT-2023-14730 · Razer · Razercentral
Name of the Vulnerable Software and Affected Versions: Razer Central versions prior to 7.8.0.381 Description: The issue is related to an Arbitrary File Delete vulnerability when handling files in the Accounts directory. Recommendations: For versions prior to 7.8.0.381, update to version 7.8.0.381...
CVE-2022-45697
Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory...
CVE-2022-45697
CVE-2022-45697 affects Razer Central prior to v7.8.0.381, with an Arbitrary File Delete vulnerability when handling files in the Accounts directory. Impact details from the associated records indicate a local-only exposure with high impact on confidentiality, integrity, and availability (CVSS v3....
CVE-2023-23698
Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete...
Design/Logic Flaw
Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete...
CVE-2023-23698
Dell Command | Update, Dell Update, and Alienware Update prior to 4.6.0 and 4.7.1 are affected. The installer component performs an insecure operation on Windows Junction, allowing a local attacker to delete arbitrary files without user interaction. Impact: high for availability/integrity; exploi...
CVE-2023-23698
Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete...
CVE-2022-42002
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...
CVE-2022-42002
CVE-2022-42002 affects SonicJS up to version 0.6.0. The vulnerability stems from unauthenticated access to the file mutation mutations, specifically fileCreate and fileUpdate , which can overwrite arbitrary files on a SonicJS application. This leads to Arbitrary File Write and Delete . Connection...
Path traversal in Concrete CMS
Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changin...
CVE-2022-30117
Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changin...
CVE-2022-30117
Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changin...
Design/Logic Flaw
Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changin...
CVE-2022-30117
Concrete CMS versions affected: 8.5.7 and below, and 9.0–9.0.2. The issue is a path traversal in /index.php/ccm/system/file/upload that could enable Arbitrary File Deletion. Root cause: inadequate input validation allowing traversal, enabling access to arbitrary files. Remediation implemented: sa...
GHSA-WCJ4-FF9M-5R7G ImpressCMS Path Traversal to Arbitrary File Delete
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the imagepath parameter in a cancel action...
ImpressCMS Path Traversal to Arbitrary File Delete
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the imagepath parameter in a cancel action...
GHSA-X73X-7GMX-W835 Arbitrary file delete in baserCMS
baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form...