Tassos Framework Plugin 访问控制错误漏洞

The Tassos Framework Plugin is a Joomla extension and functionality enhancement framework developed by Tassos Marinos. The Tassos Framework Plugin has a security vulnerability related to access control, which allows users to delete any file on the affected site...

SUSE CVE-2025-66410

Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder...

GHSA-JRHG-82W2-VVJ7 Gin-vue-admin has an arbitrary file deletion vulnerability

Impact Attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder The affected code: Affected interfaces: /api/fileUploadAndDownload/removeChunk POC: You can specify the...

CVE-2024-57452

ChestnutCMS =1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder...

CVE-2022-46331

An unauthorized user could possibly delete any file on the system...

CVE-2022-32328

Fast Food Ordering System v1.0 is vulnerable to Delete any file. via /ffos/classes/Master.php?f=deleteimg...

CVE-2022-32328

CVE-2022-32328 affects Fast Food Ordering System v1.0. The vulnerability is an arbitrary file deletion issue exploitable through the API endpoint /ffos/classes/Master.php?f=delete_img due to insufficient input/permission validation in the delete_img function. Impact statements in sources indicate...

CVE-2022-31973

Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=deleteimg...

CVE-2022-31973

Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=deleteimg...

The vulnerability of the Master Configuration Wizard component of Kaspersky’s antivirus protection tools—Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, and Kaspersky Security Cloud—allows a perpetrator to delete any file in the system.

The vulnerability of the Master Configuration Wizard component of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, and Kaspersky Security Cloud antivirus products is related to errors in processing symbolic links. Exploiting this...

CVE-2020-25044

Kaspersky Virus Removal Tool KVRT prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system...

The vulnerability of the Kaspersky Virus Removal Tool’s antivirus protection mechanism, related to deficiencies in access control, allows a malicious user to delete any file in the system.

The vulnerability of the Kaspersky Virus Removal Tool KVRT is related to deficiencies in access control. Exploiting this vulnerability could allow a hacker to delete the content of any arbitrary file in the system...