CVE-2023-1560

A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0. This issue affects some unknown processing of the file tinytiffreader.c of the component File Handler. The manipulation leads to buffer overflow. Attacking locally is a requirement. The exploit has been...

CVE-2023-6894

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has...

CVE-2023-33979

gptacademic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gptacademic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure. Since no sensitive...

CVE-2022-4246

A vulnerability classified as problematic has been found in Kakao PotPlayer. This affects an unknown part of the component MID File Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. T...

CVE-2022-4493

A vulnerability classified as critical was found in scifio. Affected by this vulnerability is the function downloadAndUnpackResource of the file src/test/java/io/scif/util/DefaultSampleFilesService.java of the component ZIP File Handler. The manipulation leads to path traversal. The attack can be...

PT-2025-22793 · Shopxo · Shopxo

Name of the Vulnerable Software and Affected Versions: zongzhige ShopXO version 6.5.0 Description: A critical issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The...

CVE-2022-3458

A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack...

CVE-2020-36628

A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version...

CVE-2025-5029

A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the...

CVE-2025-5029

Kingdee Cloud Galaxy Private Cloud BBC System (versions up to 9.0 Patch April 2025) contains a path traversal vulnerability in File Handler: BaseServiceFactory.getFileUploadService.deleteFileAction (fileUpload/deleteFileAction.jhtml) caused by unvalidated filePath input. Remotely exploitable; exp...

CVE-2025-4898

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects the function unlink of the file updatesystem.php of the component Logo File Handler. The manipulation of the argument oldlogo leads to path traversal. The...

CVE-2025-4912

A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/core/updatestudent.php of the component Image File Handler. The manipulation of the argument oldphoto lea...

CVE-2025-4898

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects the function unlink of the file updatesystem.php of the component Logo File Handler. The manipulation of the argument oldlogo leads to path traversal. The...

PT-2025-21866 · Sourcecodester · Sourcecodester Student Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Result Management System version 1.0 Description: A critical issue has been identified, affecting the unlink function of the update system.php file in the Logo File Handler component. The manipulation of the old logo...

CVE-2025-4545

A vulnerability was found in CTCMS Content Management System 2.1.2. It has been classified as critical. Affected is the function del of the file ctcms\apps\controllers\admin\Tpl.php of the component File Handler. The manipulation of the argument File leads to path traversal. It is possible to...

CVE-2025-4545

A vulnerability was found in CTCMS Content Management System 2.1.2. It has been classified as critical. Affected is the function del of the file ctcms\apps\controllers\admin\Tpl.php of the component File Handler. The manipulation of the argument File leads to path traversal. It is possible to...

CVE-2025-4545 CTCMS Content Management System File Tpl.php del path traversal

A vulnerability was found in CTCMS Content Management System 2.1.2. It has been classified as critical. Affected is the function del of the file ctcms\apps\controllers\admin\Tpl.php of the component File Handler. The manipulation of the argument File leads to path traversal. It is possible to...

CVE-2025-4545 CTCMS Content Management System File Tpl.php del path traversal

A vulnerability was found in CTCMS Content Management System 2.1.2. It has been classified as critical. Affected is the function del of the file ctcms\apps\controllers\admin\Tpl.php of the component File Handler. The manipulation of the argument File leads to path traversal. It is possible to...

CVE-2025-4545

CTCMS Content Management System 2.1.2 contains a path traversal vulnerability in the File Handler’s del function (ctcms/apps/controllers/admin/Tpl.php) triggered by manipulating the File argument. Exploitation is remote and publicly disclosed; multiple sources describe the impact on path traversa...

CVE-2025-4535

A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of the component Configuration File Handler. The manipulation leads to information...