126 matches found
CVE-2024-13907
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. This makes it possible for authenticated attackers, with Administrator-level...
WordPress plugin Total Upkeep Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2025-0401
A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack...
PT-2025-3872 · Reggie · Reggie
Name of the Vulnerable Software and Affected Versions: reggie version 1.0 Description: A critical vulnerability has been found in the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the name argument leads to path traversal. It ...
PT-2025-3796
Name of the Vulnerable Software and Affected Versions: Tsinghua Unigroup Electronic Archives System version 3.2.21080262532 Description: A problematic issue has been found in the Tsinghua Unigroup Electronic Archives System, affecting the function download of the file /collect/PortV4/downLoad.html...
PT-2024-17767 · WordPress · Database Backup/Check Tables Automated With Scheduler 2024
Name of the Vulnerable Software and Affected Versions: Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress versions up to, and including, 2.32 Description: The issue allows authenticated attackers with administrator-level access and above to read the contents of...
SYSCOM OMFLOW Security Vulnerability
SYSCOM OMFLOW is an information maintenance management system from SYSCOM China. A security vulnerability exists in SYSCOM OMFLOW versions 1.1.6.0 through 1.2.1.2, which originates from user input that is not properly validated for the download function, allowing remote attackers with regular...
CVE-2024-43773
SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the cstr parameter...
CVE-2024-43774
SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the uid parameter...
Code Injection
setuptools is vulnerable to Code Injection. The vulnerability is due to the package_index module's download function, which can execute arbitrary OS commands when exposed to user-controlled inputs such as package URLs...
setuptools Code Injection Vulnerability
setuptools is a Python library open-sourced by PyPI. A code injection vulnerability exists in setuptools version 69.1.1 and earlier, which stems from allowing remote code execution via the download function and is vulnerable to code injection attacks...
WebRAT Code Issue Vulnerability
WebRAT is a simple remote web management tool. A code issue vulnerability exists in cyberaz0r WebRAT, which stems from a security issue in the downloadfile function in Server/api.php, which causes unrestricted uploads via the parameter name...
WordPress Plugin Backuply Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
GHSA-QQV2-35Q8-P2G2 PaddlePaddle command injection in paddle.utils.download._wget_download
Command injection in paddle.utils.download._wget_download bypass filter in paddlepaddle/paddle 2.6.0...
CVE-2024-0815
Command injection in paddle.utils.download._wget_download bypass filter in paddlepaddle/paddle 2.6.0...
IDURAR ERP/CRM Security Breach
IDURAR ERP/CRM is an open source content management system by Salah Eddine Lalami, an individual developer. A security vulnerability exists in IDURAR ERP/CRM v2.0.0, which stems from a path traversal vulnerability that can be exploited by an attacker to expose sensitive files via the download...
PYSEC-2024-143
PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system...
Buildroot package hash checking data integrity vulnerabilities
Talos Vulnerability Report TALOS-2023-1844: Buildroot package hash checking data integrity vulnerabilities. December 5, 2023. CVE Number: CVE-2023-45841, CVE-2023-45842, CVE-2023-45838, CVE-2023-45839, CVE-2023-45840. Summary: Multiple data integrity vulnerabilities exist in the package hash checking...
CVE-2023-33273
An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to blind OS command injection...
Missing Authorization
sentry is vulnerable to Missing Authorization. The vulnerability exists in the download function at debugfiles.py due to not restricting file downloads to unauthenticated users of a different project which allows an attacker to perform arbitrary file downloads of debug or artifact bundles of an...