3164 matches found

Positive Technologies
added 2023/03/01 12:00 a.m. · 2 views

PT-2023-16758 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: flatpress versions prior to 1.3 Description: The issue concerns external control of file name or path in the GitHub repository flatpressblog/flatpress. Recommendations: For versions prior to 1.3, update to version 1.3 or later to resolve the...

8.1 CVSS · 7.7 AI score · 0.00255 EPSS
Exploits 1 · References 6
CVE
added 2023/03/01 12:00 a.m. · 44 views

CVE-2023-1105

CVE-2023-1105 affects FlatPress prior to v1.3 in the flatpressblog/flatpress repository. The root cause is external control of file names or paths, enabling manipulation of file targets. Impact is described as the ability to influence filenames/paths; exploitation status is not provided in the do...

8.1 CVSS · 7.9 AI score · 0.00255 EPSS
Exploits 1 · References 2 · Affected Software 1
Hacker One
added 2023/02/28 7:20 a.m. · 34 views

U.S. Dept Of Defense: Path traversal leads to reading of local files on ███████ and ████

A directory traversal vulnerability was discovered in the downloadForm endpoint of a web application, allowing an attacker to read files on the system by adding "../" to the filename parameter. This could potentially lead to the disclosure of sensitive information or system compromise. The...

6.5 AI score
Exploits 0
Github Security Blog
added 2023/02/27 6:32 p.m. · 22 views

TeamPass External Control of File Name or Path vulnerability

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...

7.1 CVSS · 6.7 AI score · 0.00334 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2023/02/27 4:15 p.m. · 1 views

CVE-2023-0331

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check or user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

7.5 CVSS · 7.2 AI score · 0.0051 EPSS
Exploits 2 · References 1
Prion
added 2023/02/27 4:15 p.m. · 11 views

Xxe

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...

5.5 CVSS · 6.9 AI score · 0.00334 EPSS
Exploits 1 · References 2 · Affected Software 1
CVE
added 2023/02/27 12:00 a.m. · 68 views

CVE-2023-1070

CVE-2023-1070 affects TeamPass (nilsteampassnet/teampass) prior to version 3.0.0.22. The issue is described as External Control of File Name or Path, enabling an attacker to delete arbitrary files through manipulation of file names/paths. The root cause is a vulnerability in how file names/paths ...

7.1 CVSS · 6.9 AI score · 0.00334 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2023/02/27 12:00 a.m. · 9 views

CVE-2023-1070 External Control of File Name or Path in nilsteampassnet/teampass

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...

7.1 CVSS · 7 AI score · 0.00334 EPSS
Exploits 1 · References 4
CNNVD
added 2023/02/26 12:00 a.m. · 1 views

MuYuCMS path traversal vulnerability

MuYuCMS is a lightweight open source content management system. MuYuCMS version 2.2 has a security vulnerability that stems from incorrect handling of the filepath parameter, which leads to relative path traversal...

8.8 CVSS · 5.7 AI score · 0.0055 EPSS
Exploits 1 · References 4
OSV
added 2023/02/25 2:15 a.m. · 0 views

UBUNTU-CVE-2023-26038

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via web/ajax/modal.php, where an arbitrary php file path c...

6.5 CVSS · 7.3 AI score · 0.00249 EPSS
Exploits 1 · References 3
Cvelist
added 2023/02/25 1:27 a.m. · 17 views

CVE-2023-26038 ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via web/ajax/modal.php, where an arbitrary php file path c...

5.4 CVSS · 6.8 AI score · 0.00249 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/02/25 12:00 a.m. · 3 views

PT-2023-20440 · Unknown +2 · Zoneminder +2

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 ZoneMinder versions prior to 1.37.33 Description: The issue concerns a Local File Inclusion vulnerability via the "web/ajax/modal.php" endpoint, where an arbitrary php file path can be passed in the reques...

9.8 CVSS · 7.3 AI score · 0.78761 EPSS
Exploits 28 · References 47
CNNVD
added 2023/02/24 12:00 a.m. · 2 views

MuYuCMS path traversal vulnerability

MuYuCMS is a lightweight open source content management system. MuYuCMS version 2.2 has a path traversal vulnerability that stems from incorrect handling of the filepath parameter, which leads to path traversal...

6.5 CVSS · 5.3 AI score · 0.0056 EPSS
Exploits 1 · References 4
Positive Technologies
added 2023/02/24 12:00 a.m. · 3 views

PT-2023-16676 · Sourcecodester · Sourcecodester Alphaware Simple E-Commerce System

Name of the Vulnerable Software and Affected Versions: SourceCodester Alphaware Simple E-Commerce System version 1.0 Description: A critical vulnerability has been found in the Payment Handler component of the affected software, specifically in the file /alphaware/summary.php. The manipulation of...

6.5 CVSS · 6.7 AI score · 0.0082 EPSS
Exploits 1 · References 6
Positive Technologies
added 2023/02/24 12:00 a.m. · 2 views

PT-2023-16679 · Muyucms · Muyucms

Name of the Vulnerable Software and Affected Versions: MuYuCMS version 2.2 Description: A problematic issue has been found in the processing of the file index.php, where the manipulation of the file path argument leads to path traversal. The attack can be initiated remotely. Recommendations: For...

6.5 CVSS · 7 AI score · 0.0056 EPSS
Exploits 1 · References 7
Positive Technologies
added 2023/02/24 12:00 a.m. · 2 views

PT-2023-16702 · Sourcecodester · Sourcecodester Online Hotel Reservation System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Boat Reservation System version 1.0 Description: A vulnerability has been found in the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The...

6.1 CVSS · 4.2 AI score · 0.00353 EPSS
Exploits 1 · References 7
CNNVD
added 2023/02/21 12:00 a.m. · 1 views

InSTEDD Pollit security vulnerability

Pollit is an open source application from InSTEDD. Helps you utilize the convenience of SMS to poll your audience at your convenience. InSTEDD Pollit version 2.3.1 has a security vulnerability that stems from a problem with the function TourController in the file app/controllers/tourcontroller.rb...

9.8 CVSS · 6.8 AI score · 0.00573 EPSS
Exploits 0 · References 5
Cvelist
added 2023/02/16 6:06 p.m. · 22 views

CVE-2022-39952

An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

9.8 CVSS · 9.9 AI score · 0.93777 EPSS
Exploits 7 · References 1
Vulnrichment
added 2023/02/16 6:06 p.m. · 29 views

CVE-2022-39952

An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

9.8 CVSS · 7.8 AI score · 0.93777 EPSS
Exploits 7 · References 1
Positive Technologies
added 2023/02/16 12:00 a.m. · 5 views

PT-2023-1417 · Fortinet · Fortinac

Name of the Vulnerable Software and Affected Versions: FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.7, 9.2.0 through 9.2.5, 9.4.0 Description: The issue is related to incorrect external control of file name or path...

9.8 CVSS · 9.1 AI score · 0.93777 EPSS
Exploits 7 · References 28