
10 matches found

Positive Technologies
added 2026/04/27 12:0 a.m., 0 views

PT-2026-35437

A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...

6.9 CVSS, 5.2 AI score, 0.00062 EPSS
Exploits: 0, References: 6
Vulnrichment
added 2026/02/03 10:1 p.m., 4 views

CVE-2020-37088 School ERP Pro 1.0 - Arbitrary File Read

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...

8.7 CVSS, 5.5 AI score, 0.02185 EPSS
Exploits: 1, References: 4
CNNVD
added 2026/02/03 12:0 a.m., 3 views

Arox School ERP Pro Path Traversal Vulnerability

Arox School ERP Pro is a one-stop automation management platform offered by Arox Corporation. Version 1.0 of Arox School ERP Pro contains a path traversal vulnerability. This vulnerability stems from a file leakage issue in the document parameter within the download.php file. Attackers can access...

8.7 CVSS, 7.3 AI score, 0.02185 EPSS
Exploits: 1, References: 6
RedhatCVE
added 2026/01/09 10:39 a.m., 6 views

CVE-2017-12761

http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download remote. The component is: $file = $_GET['id'] in download.php. The attack vector is:...

7.5 CVSS, 7.6 AI score, 0.01081 EPSS
Exploits: 1, References: 1
OSV
added 2024/06/04 1:15 p.m., 2 views

CVE-2024-36800

A SQL injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in Download.php...

7.5 CVSS, 5.9 AI score
Exploits: 0, References: 1
Cvelist
added 2022/05/26 12:55 p.m., 18 views

CVE-2022-29720

74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php...

7.7 AI score, 0.00265 EPSS
Exploits: 1, References: 1
CNVD
added 2016/11/14 12:0 a.m., 1 views

Schoolhos CMS 'download.php' SQL Injection Vulnerability

Schoolhos CMS is a free and open source content management system. A SQL injection vulnerability exists in download.php in Schoolhos CMS version 2.29, which can be exploited by an attacker to compromise the application, access or modify data, or exploit a potential vulnerability in the underlying...

8 AI score
Exploits: 0, References: 1
seebug.org
added 2013/08/13 12:0 a.m., 21 views

NITC 3.21 /download.php Arbitrary File Download Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
NVD
added 2008/08/11 11:41 p.m., 13 views

CVE-2008-3589

Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter...

4.3 CVSS, 6.5 AI score, 0.04508 EPSS
Exploits: 0, References: 5
Packet Storm
added 2008/07/21 12:0 a.m., 30 views

ezwebalbum-disclose.txt

EZWebAlbum dlfilename Remote File Disclosure Vulnerability. Found by: Ghost Hacker R-H TeaM. My Site web: Real-hack.Net. Home page: www.Real-hack.net. Email: [email protected]. Name Script: EZWebAlbum. Download Script:...

7.4 AI score
Exploits: 0