422 matches found

RedhatCVE
added 2025/05/22 9:16 a.m. · 6 views

CVE-2019-16894

download.php in inoERP 4.15 allows SQL injection through insecure deserialization...

CVSS 9.8 · AI score 7.9 · EPSS 0.03022
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 4:16 a.m. · 10 views

CVE-2012-6434

Multiple cross-site request forgery (CSRF) vulnerabilities in e107admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) downloadurl, (2) downloadurlextended, (3) downloadauthoremail, (4)...

CVSS 6.8 · AI score 8.5 · EPSS 0.01444
Exploits 6 · References 1

RedhatCVE
added 2025/05/22 3:14 a.m. · 4 views

CVE-2014-10396

The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php...

CVSS 7.5 · AI score 7.1 · EPSS 0.03208
Exploits 1 · References 1

OSV
added 2025/03/25 6:15 a.m. · 1 views

CVE-2024-13618

The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...

CVSS 7.2 · AI score 7.4 · EPSS 0.00298
Exploits 1 · References 1

Positive Technologies
added 2025/03/25 12:0 a.m. · 3 views

PT-2025-12757 · WordPress · Aoa-Downloadable

Name of the Vulnerable Software and Affected Versions: aoa-downloadable WordPress plugin version 0.1.0 Description: The issue concerns a lack of authorization and authentication for requests to the "download.php" endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...

CVSS 7.2 · AI score 9.4 · EPSS 0.00298
Exploits 1 · References 6

CNNVD
added 2025/03/25 12:0 a.m. · 3 views

WordPress plugin aoa-downloadable security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...

CVSS 7.2 · AI score 8.9 · EPSS 0.00298
Exploits 1 · References 3

RedhatCVE
added 2025/02/14 5:27 a.m. · 12 views

CVE-2024-36800

A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php...

CVSS 7.5 · AI score 7.3 · EPSS 0.007
Exploits 1 · References 3

RedhatCVE
added 2025/02/14 5:5 a.m. · 10 views

CVE-2024-36801

A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in Download.php...

CVSS 5.9 · AI score 7.3 · EPSS 0.00391
Exploits 1 · References 3

BDU FSTEC
added 2025/01/20 12:0 a.m. · 5 views

The vulnerability in the download.php script (/phpoffice/phpspreadsheet/samples/download.php) of the PhpSpreadsheet library allows attackers to perform cross-site scripting attacks.

The vulnerability in the download.php script (/phpoffice/phpspreadsheet/samples/download.php) of the PhpSpreadsheet library is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability could allow a remote attacker to perform cross-site scripting...

CVSS 8.5 · AI score 5.3 · EPSS 0.00312
Exploits 1 · References 4 · Affected Software 1

Veracode
added 2024/06/18 7:25 a.m. · 15 views

Insecure Deserialization

nukeviet/nukeviet is vulnerable to Insecure Deserialization. The vulnerability is due to improper handling of serialized data, allowing attackers to execute arbitrary code via download.php...

CVSS 8.8 · AI score 7.8 · EPSS 0.00845
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2024/06/10 12:0 a.m. · 20 views

CVE-2024-36528

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php...

EPSS 0.00845
Exploits 1 · References 1

OSV
added 2024/06/04 1:15 p.m. · 4 views

CVE-2024-36800

A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php...

CVSS 7.5 · AI score 5.9 · EPSS 0.007
Exploits 1 · References 1

Positive Technologies
added 2024/06/04 12:0 a.m. · 3 views

PT-2024-27163 · Semcms · Semcms

Name of the Vulnerable Software and Affected Versions: SEMCMS version 4.8 Description: A SQL injection issue allows a remote attacker to obtain sensitive information via the ID parameter in "Download.php". Recommendations: For SEMCMS version 4.8, update to a version that fixes this issue, as usin...

CVSS 7.5 · AI score 7 · EPSS 0.007
Exploits 1 · References 3

NVD
added 2024/05/07 3:15 p.m. · 9 views

CVE-2024-34523

AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS 7.5 · AI score 6.7 · EPSS 0.00824
Exploits 0 · References 2

Vulnrichment
added 2024/05/07 12:0 a.m. · 8 views

CVE-2024-34523

AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

AI score 7 · EPSS 0.00824
Exploits 0 · References 2

UbuntuCve
added 2024/04/04 12:0 a.m. · 18 views

CVE-2020-25730

Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via PHPSELF component in classic/views/download.php...

CVSS 8.2 · AI score 6.1 · EPSS 0.00629
Exploits 0 · References 2

NVD
added 2024/03/20 2:15 p.m. · 14 views

CVE-2024-28396

An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component...

CVSS 7.5 · AI score 7.6 · EPSS 0.00826
Exploits 0 · References 2

CVE
added 2024/03/20 12:0 a.m. · 65 views

CVE-2024-28396

CVE-2024-28396 affects MyPrestaModules ordersexport, version 6.0.2 and earlier. The vulnerability resides in the download.php component and allows a remote attacker to execute arbitrary code. Public sources consistently describe a need to update to a version that contains a fix; no exploit specif...

CVSS 7.5 · AI score 7.9 · EPSS 0.00826
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/03/20 12:0 a.m. · 19 views

CVE-2024-28396

An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component...

AI score 7.8 · EPSS 0.00826
Exploits 0 · References 2

CNNVD
added 2024/03/20 12:0 a.m. · 4 views

PrestaShop Orders Export PRO Security Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop Orders Export PRO v.6.0.2 and prior versions, which originated...

CVSS 7.5 · AI score 7.9 · EPSS 0.00826
Exploits 0 · References 3