68 matches found
PT-2025-34963
Name of the Vulnerable Software and Affected Versions: File Manager, Code Editor, and Backup by Managefy plugin for WordPress versions prior to 1.4.9 Description: The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is susceptible to a Path Traversal issue in versions up to...
Authorization Bypass Through User-Controlled Key
Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the downloadFile function in the ModuleController.php file, which fails to validate the query parameter file. An authenticated attacker with access to the backend module can access...
CVE-2025-6866
A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. This vulnerability affects unknown code of the file /forumdownloadfile.php. The manipulation of the argument filename leads to path traversal. The attack can be initiated remotely. The exploit has been...
CVE-2025-5381
A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack...
CVE-2025-5381 Yifang CMS Admin Panel downloadFile path traversal
A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack...
CVE-2025-5381
CVE-2025-5381 – Yifang CMS (up to 2.0.2) exposes a path traversal in the Admin Panel, via the downloadFile function at /api/File/downloadFile. The vulnerability arises from improper handling of the File argument, enabling remote exploitation. Public exploits have been disclosed. No official patch...
Yifang CMS path traversal vulnerability
Yifang CMS is a PHP enterprise website development and construction management system from China Yifang Company. A security vulnerability exists in Yifang CMS 2.0.2 and earlier versions, which stems from path traversal due to incorrect operation of the File parameter File in...
PT-2025-23406 · Unknown · Yifang Cms
Name of the Vulnerable Software and Affected Versions: Yifang CMS versions up to 2.0.2 Description: A vulnerability was found in the function downloadFile of the file "/api/File/downloadFile" of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possib...
External Control of File Name or Path
Overview: Microsoft.Build.Tasks.Core is a package that contains the Microsoft.Build.Tasks assembly, which implements the commonly used tasks of MSBuild. Affected versions of this package are vulnerable to External Control of File Name or Path due to the external control of file name or path. An...
CVE-2025-28028
TOTOLINK A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter...
CVE-2025-28022
TOTOLINK A810R V4.1.2cu.5182B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter...
CVE-2025-28020
TOTOLINK A800R V4.1.2cu.5137B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter...
CVE-2025-28027
CVE-2025-28027 affects TOTOLINK devices A830R (4.1.2cu.5182_B20201102), A950RG (4.1.2cu.5161_B20200903), A3000RU (5.9c.5185_B20201128), and A3100R (4.1.2cu.5247_B20211129) with a buffer overflow in downloadFile.cgi. CVSS 3.1 base score 7.3 (HIGH); attack vector: NETWORK, attack complexity: LOW, p...
Arbitrary File Upload
Overview: alexstack/laravel-cms is a Simple Bootstrap Laravel CMS. Affected versions of this package are vulnerable to Arbitrary File Upload due to unchecked access to the downloadFile function in index in LaravelCmsFileAdminController.php. Remediation: There is no fixed version for...
CVE-2024-7741
A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The...
CVE-2024-7741 wanglongcn ltcms API Endpoint downloadfile downloadFile path traversal
A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The...
PT-2024-38549 · Wanglongcn · Ltcms
Name of the Vulnerable Software and Affected Versions: wanglongcn ltcms version 1.0.20 Description: A critical issue affects the downloadFile function of the /api/file/downloadfile API Endpoint, where manipulation of the file argument leads to path traversal. This issue can be initiated remotely...