3 matches found
CVE-2026-35183
Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference IDOR vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...
GHSA-74RG-6F92-G6WX UnoPim has CSV Injection on Quick Export feature
Summary Description: CSV Injection or Formula Injection is a security vulnerability that occurs when malicious content is inserted into a CSV Comma-Separated Values file, which is then opened in a spreadsheet application like Microsoft Excel. This attack exploits the way spreadsheet software...
CVE-2024-8855
The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks...