933 matches found

GithubExploit
added 2024/01/13 1:11 p.m. | 52 views

Exploit for CVE-2024-24137

CVE-2024-24137: Student File Management System SQ...

9.9 AI score
Exploits: 0

Drupal
added 2024/01/10 12:0 a.m. | 31 views

File Entity (fieldable files) - Moderately critical - Cross Site Scripting, Access bypass - SA-CONTRIB-2024-001

File entity provides interfaces for managing files. It also extends the core file entity, allowing files to be fieldable, grouped into types, viewed using display modes and formatted using field formatters. The module previously did not sufficiently validate files under the scenario of a file...

5.4 CVSS | 7 AI score | 0.00228 EPSS
Exploits: 0 | References: 7

IBM Security Bulletins
added 2024/01/05 5:30 p.m. | 27 views

Security Bulletin: IBM Storage Fusion HCI uses hard-coded credentials for its own authentication with Active File Management (CVE-2023-50948)

Summary: IBM Storage Fusion HCI uses default credentials for Active File Management (AFM) authentication. Vulnerability Details: CVEID: CVE-2023-50948. DESCRIPTION: IBM Storage Fusion HCI contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound...

9.8 CVSS | 8 AI score | 0.00497 EPSS
Exploits: 0 | Affected Software: 1

ATTACKERKB
added 2023/11/22 5:15 p.m. | 4 views

CVE-2023-47316

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls...

5.4 CVSS | 6 AI score | 0.00419 EPSS
Exploits: 1 | References: 2

Prion
added 2023/11/22 5:15 p.m. | 16 views

Improper access control

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls...

5.5 CVSS | 7.2 AI score | 0.00419 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2023/11/22 12:0 a.m. | 51 views

CVE-2023-47316

Headwind MDM Web panel 5.22.1 is affected by CVE-2023-47316 due to Incorrect Access Control. The vulnerability enables access to sensitive API calls (e.g., listing users and their data, file management APIs, audit-related APIs). Connected sources corroborate the affected product and issue type bu...

5.4 CVSS | 5.7 AI score | 0.00419 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2023/11/22 12:0 a.m. | 21 views

CVE-2023-47316

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls...

6 AI score | 0.00419 EPSS
Exploits: 1 | References: 1

CNVD
added 2023/10/07 12:0 a.m. | 30 views

DedeBIZ Code Execution Vulnerability

DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A code execution vulnerability exists in DedeBIZ version v6.2.11, which stems from the $activepath and $filename parameters in /admin/filemanagecontrol.php failing to correctly filter the special...

9.8 CVSS | 7.8 AI score | 0.01031 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2023/09/27 3:19 p.m. | 5 views

CVE-2023-43234

DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/filemanagecontrol.php via the $activepath and $filename parameters...

9.8 CVSS | 7.8 AI score | 0.01031 EPSS
Exploits: 0 | References: 5

NVD
added 2023/09/27 3:19 p.m. | 14 views

CVE-2023-43234

DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/filemanagecontrol.php via the $activepath and $filename parameters...

9.8 CVSS | 10 AI score | 0.01031 EPSS
Exploits: 0 | References: 4

Prion
added 2023/09/27 3:19 p.m. | 19 views

Remote code execution

DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/filemanagecontrol.php via the $activepath and $filename parameters...

7.5 CVSS | 9.9 AI score | 0.01031 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2023/09/27 12:0 a.m. | 1 views

Soundminer SM server path traversal vulnerability

Soundminer is a file manager software from Soundminer Inc. A path traversal vulnerability exists in the Soundminer SM server, which stems from the presence of a path traversal vulnerability...

7.5 CVSS | 6.8 AI score | 0.00869 EPSS
Exploits: 0 | References: 2

CNNVD
added 2023/09/27 12:0 a.m. | 3 views

DedeBIZ security vulnerability

DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A code execution vulnerability exists in DedeBIZ version v6.2.11, which stems from the $activepath and $filename parameters in /admin/filemanagecontrol.php failing to correctly filter the special...

9.8 CVSS | 8 AI score | 0.01031 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2023/09/26 12:0 a.m. | 22 views

CVE-2023-43234

DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/filemanagecontrol.php via the $activepath and $filename parameters...

8.4 AI score | 0.01031 EPSS
Exploits: 0 | References: 4

CNVD
added 2023/09/20 12:0 a.m. | 4 views

FileBrowser cross-site scripting vulnerability (CNVD-2025-22707)

FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser has a cross-site scripting vulnerability that can be exploited by an attacker to escalate privileges ...

9 CVSS | 6.5 AI score | 0.00725 EPSS
Exploits: 1 | References: 1

OSV
added 2023/09/18 3:15 a.m. | 2 views

CVE-2023-35850

SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations...

7.2 CVSS | 6.1 AI score | 0.00693 EPSS
Exploits: 0 | References: 1

NVD
added 2023/09/18 3:15 a.m. | 14 views

CVE-2023-35850

SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations...

7.2 CVSS | 7.3 AI score | 0.00693 EPSS
Exploits: 0 | References: 1

Prion
added 2023/09/18 3:15 a.m. | 18 views

Design/Logic Flaw

SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations...

5.8 CVSS | 7.3 AI score | 0.00693 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/09/18 2:30 a.m. | 31 views

CVE-2023-35850

The CVE-2023-35850 case affects SUNNET WMPro portal's file management function. The vulnerability is caused by insufficient filtering of user input, enabling an OS command injection. A remote attacker with administrator or privileged access can inject and execute arbitrary system commands to perf...

7.2 CVSS | 7.3 AI score | 0.00693 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2023/09/17 12:0 a.m. | 4 views

SUNNET WMPro Operating System Command Injection Vulnerability

SUNNET WMPro is an online learning platform from Taiwan-based SUNNET. An OS command injection vulnerability exists in SUNNET WMPro V5, which is caused by insufficient filtering of user input in the file management function, resulting in an OS command injection vulnerability...

7.2 CVSS | 7.5 AI score | 0.00693 EPSS
Exploits: 0 | References: 3