10 matches found

CNNVD
added 2026/04/19 12:0 a.m. | 4 views

kodcloud KodExplorer Security Vulnerability

KodCloud KodExplorer is a web file manager provided by the Chinese company KodCloud. Versions of KodCloud KodExplorer 4.52 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the parameter fileUrl in files/app/controller/share.class.php, which...

CVSS 7.5 | AI score 7.1 | EPSS 0.00105
Exploits: 0 | References: 2

CNNVD
added 2026/02/22 12:0 a.m. | 3 views

JeecgBoot Code Issue Vulnerability

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Version 3.9.0 of JeecgBoot contains a code vulnerability that stems from incorrect handling of the parameter fileUrl in the file /sys/common/uploadImgByHttp. This vulnerability could le...

CVSS 6.5 | AI score 6.7 | EPSS 0.00039
Exploits: 1 | References: 5

RedhatCVE
added 2026/01/09 12:31 p.m. | 5 views

CVE-2023-4216

The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the fileurl parameter when importing a CSV file, allowing high privilege users with the managewoocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...

CVSS 2.7 | AI score 6.6 | EPSS 0.0017
Exploits: 2 | References: 1

Snyk
added 2025/12/16 6:44 p.m. | 1 views

Directory Traversal

Overview: @vitejs/plugin-rsc is a React Server Components (RSC) support for Vite. Affected versions of this package are vulnerable to Directory Traversal via the /viterscfindSourceMapURL endpoint when processing HTTP requests containing a file:// URL in the filename query parameter. An attacker can...

CVSS 8.7 | AI score 7.5 | EPSS 0.0118
Exploits: 0 | References: 2

CNVD
added 2025/08/18 12:0 a.m. | 3 views

Bottinelli Informatical Vedo Suite Server-Side Request Forgery Vulnerability

Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. Bottinelli Informatical Vedo Suite suffers from a server-side request forgery vulnerability, which originates from the /apivedo/video/preview endpoint that do...

CVSS 6.5 | AI score 7.3 | EPSS 0.00237
Exploits: 2 | References: 1

NVD
added 2025/08/06 9:15 p.m. | 3 views

CVE-2025-51058

Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /apivedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter...

CVSS 6.5 | EPSS 0.00237
Exploits: 2 | References: 2

OSV
added 2025/08/06 9:15 p.m. | 0 views

CVE-2025-51058

Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /apivedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter...

CVSS 6.5 | AI score 6
Exploits: 0 | References: 2

Cvelist
added 2025/08/06 12:0 a.m. | 6 views

CVE-2025-51058

Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /apivedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter...

EPSS 0.00237
Exploits: 2 | References: 2

RedhatCVE
added 2025/04/25 6:36 p.m. | 10 views

CVE-2025-3529

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'fileurl' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital...

CVSS 8.2 | AI score 6.5 | EPSS 0.00323
Exploits: 0 | References: 1

OSV
added 2024/10/30 9:15 p.m. | 2 views

CVE-2024-48346

xtreme1 = v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 1