
3164 matches found

OSV
added 2024/10/10 9:36 p.m. · 6 views

GHSA-37QC-QGX6-9XJV Gradio has a one-level read path traversal in `/custom_component`

Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves a one-level read path traversal in the /custom_component endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the request. Althou...

CVSS 6.9 · AI score 5.1 · EPSS 0.00245
Exploits 0 · References 4

CNNVD
added 2024/10/10 12:00 a.m. · 2 views

Codezips Pharmacy Management System SQL injection vulnerability

Codezips Pharmacy Management System is a pharmacy management system from Codezips. A SQL injection vulnerability exists in Codezips Pharmacy Management System version 1.0, which stems from a parameter id in the file produc/update.php that can lead to SQL injection...

CVSS 9.8 · AI score 7.9 · EPSS 0.00082
Exploits 1 · References 5

Positive Technologies
added 2024/10/10 12:00 a.m. · 3 views

PT-2024-32447 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.0 Description: This issue relates to the bypass of directory traversal checks within the is_in_or_equal function. The function, intended to check if a file resides within a given directory, can be bypassed with...

CVSS 6.9 · AI score 7.3 · EPSS 0.00202
Exploits 0 · References 12

CNNVD
added 2024/10/10 12:00 a.m. · 1 views

Gradio path traversal vulnerability

Gradio, an open source Python library open-sourced by Hugging Face, is a method for demonstrating machine learning models through a friendly web interface. Gradio suffers from a path traversal vulnerability that stems from the is_in_or_equal function designed to check whether a file is located in a...

CVSS 6.5 · AI score 6.5 · EPSS 0.00202
Exploits 0 · References 2

Vulnrichment
added 2024/10/08 8:40 a.m. · 8 views

CVE-2024-47563

A vulnerability has been identified in SINEC Security Monitor All versions V4.9.0. The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable...

CVSS 6.9 · AI score 5.7 · EPSS 0.00222
Exploits 0 · References 1

Positive Technologies
added 2024/10/08 12:00 a.m. · 1 views

PT-2024-6797 · Microsoft · Openssh For Windows +1

Name of the Vulnerable Software and Affected Versions: Microsoft OpenSSH for Windows affected versions not specified Description: The issue is related to incorrect external management of a file name or path in the cryptographic protection tool of OpenSSH for Windows. This allows a remote attacker...

CVSS 7.1 · AI score 7.2 · EPSS 0.05105
Exploits 0 · References 7

GithubExploit
added 2024/10/06 2:58 p.m. · 146 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164 PoC This repository is a proof of concept PoC...

CVSS 9.8 · AI score 9.9 · EPSS 0.92896
Exploits 15

OSV
added 2024/09/27 12:15 p.m. · 1 views

CVE-2024-9279

A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of the component User Center. The manipulation of the argument User Nickname leads to cross site scripting. It is possible to initiate the attack...

CVSS 4.8 · AI score 3.7
Exploits 0 · References 4

NVD
added 2024/09/24 3:15 a.m. · 11 views

CVE-2024-8671

The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to overwrite arbitrary...

CVSS 9.1 · EPSS 0.08634
Exploits 0 · References 2

CVE
added 2024/09/24 3:06 a.m. · 51 views

CVE-2024-8671

The CVE-2024-8671 entry concerns WordPress plugin WooEvents – Calendar and Event Booking. Affected versions (up to 4.1.2) are vulnerable to arbitrary file overwrite due to insufficient file path validation in inc/barcode.php, enabling unauthenticated attackers to overwrite server files and potent...

CVSS 9.1 · AI score 9.6 · EPSS 0.08634
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/09/24 12:00 a.m. · 2 views

PT-2024-39453

Name of the Vulnerable Software and Affected Versions: Olgu Computer Systems e-Belediye versions prior to 2.0.642 Description: The issue allows external control of file name or path due to incorrect permission assignment for critical resources, enabling manipulation of web input to file system call...

CVSS 9.8 · AI score 5.8 · EPSS 0.00091
Exploits 0 · References 10

Positive Technologies
added 2024/09/21 12:00 a.m. · 4 views

PT-2024-39412 · Unknown · Code-Projects Student Record System

Name of the Vulnerable Software and Affected Versions: code-projects Student Record System version 1.0 Description: A critical issue has been found in the code-projects Student Record System, affecting unknown code in the file /course.php. The manipulation of the coursename argument leads to SQL...

CVSS 9.8 · AI score 8.2 · EPSS 0.00088
Exploits 1 · References 15

Veracode
added 2024/09/19 3:50 a.m. · 6 views

Relative Path Traversal

@backstage/plugin-techdocs-backend is vulnerable to Relative Path Traversal. The vulnerability is caused due to improper validation of file paths, allowing unauthorized access to files in the AWS S3 or GCS storage provider...

CVSS 6.5 · AI score 6.6 · EPSS 0.00355
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2024/09/19 12:00 a.m. · 2 views

Chicheng JFLow access control error vulnerability

Chicheng JFLow is a workflow engine from China's Chicheng. An access control error vulnerability exists in Chicheng JFLow version 2.0.0, which stems from a parameter oid in file /WF/Ath/EntityMutliFileLoad.do that can lead to improper access control...

CVSS 5.3 · AI score 4.9 · EPSS 0.00134
Exploits 0 · References 5

NVD
added 2024/09/11 8:15 a.m. · 17 views

CVE-2024-7626

The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details function in all versions up to, and including, 1.6.9. This makes it possib...

CVSS 8.1 · EPSS 0.03817
Exploits 0 · References 4

CVE
added 2024/09/11 7:31 a.m. · 48 views

CVE-2024-7626

CVE-2024-7626 affects WP Delicious – Recipe Plugin for WordPress (formerly Delicious Recipes), versions ≤ 1.6.9. The vulnerability stems from insufficient file path validation in the save_edit_profile_details() function, allowing authenticated users with subscriber-level access and above to move ...

CVSS 8.1 · AI score 8.2 · EPSS 0.03817
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2024/09/11 12:00 a.m. · 2 views

WordPress plugin WP Delicious security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.1 · AI score 6.8 · EPSS 0.03817
Exploits 0 · References 5

GithubExploit
added 2024/09/10 11:14 a.m. · 291 views

Exploit for Improper Privilege Management in Enlightenment

CVE-2022-37706 The CVE-2022-37706 vulnerability is relate...

CVSS 7.8 · AI score 8.1 · EPSS 0.54631
Exploits 14

Positive Technologies
added 2024/09/08 12:00 a.m. · 3 views

PT-2024-39119 · Sourcecodester · Sourcecodester Online Dj Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Bank Management System version 1.0 Description: A vulnerability was found in the component Feedback Handler, affecting an unknown part of the file /mfeedback.php. The manipulation leads to cross-site scripting. It is...

CVSS 5.4 · AI score 6.3 · EPSS 0.00131
Exploits 1 · References 12

CNNVD
added 2024/09/07 12:00 a.m. · 3 views

SourceCodester Clinics Patient Management System security vulnerability

SourceCodester Clinics Patient Management System is a clinic patient management system from SourceCodester, Inc. A security vulnerability exists in SourceCodester Clinics Patient Management System version 2.0, which stems from the parameter message in the file /users.php that can lead to cross-si...

CVSS 5.4 · AI score 4.5 · EPSS 0.00122
Exploits 1 · References 6