GHSA-F63H-WC26-PMVC AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

EUVD-2026-30700

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

AstrBot 路径遍历漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework developed by AstrBot. Versions of AstrBot 4.23.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of the postfile function in the File Upload Handler component...

Exploit for Classic Buffer Overflow in Cisco Adaptive_Security_Appliance_Software

CVE-2025-20333 Scanner A Python-based diagnostic scanner for...

CVE-2026-6650

Z-BlogPHP 1.7.5 contains a vulnerability in the App::UnPack function of /zb_users/plugin/AppCentre/app_upload.php (ZBA File Handler) that allows unrestricted file upload. Impact is described as unrestricted upload with network/remote initiation; exploitation is publicly available per the CVE entr...

CVE-2026-6497 prasathmani TinyFileManager File Upload filemanager.php server-side request forgery

A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request...

PT-2026-33461

Name of the Vulnerable Software and Affected Versions prasathmani TinyFileManager versions prior to 2.7 Description An issue in the File Upload Handler component allows for server-side request forgery, a flaw where an attacker can induce the server to make requests to an unintended location. This...

CVE-2025-12640 Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level authorization checks in the...

EUVD-2025-197756

A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to...

EUVD-2017-16378

Malware in sbrugna...

Code-Projects Student Crud Operation 代码问题漏洞

Code-Projects Student Crud Operation is a Code-Projects open source student information system. A code issue vulnerability exists in Code-Projects Student Crud Operation version 3.3 and earlier, which stems from improper manipulation of the moveuploadedfile function in the file add.php, which can...

EUVD-2024-49128

Malicious code in bioql PyPI...

EUVD-2023-23967

Malicious code in bioql PyPI...

EUVD-2023-34113

Malicious code in bioql PyPI...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the fileUploadHandler process. An attacker can write arbitrary files to the filesystem by supplying crafted values to the fc.Name parameter, which is not properly sanitized, allowing directory traversal. This c...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the fileUploadHandler process. An attacker can write arbitrary files to the filesystem by supplying crafted values to the fc.Name parameter, which is not properly sanitized, allowing directory traversal. This c...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the fileUploadHandler process. An attacker can write arbitrary files to the filesystem by supplying crafted values to the fc.Name parameter, which is not properly sanitized, allowing directory traversal. This c...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fileUploadHandler function in the rest.go file. An attacker can overwrite arbitrary files owned by the application user by uploading files with crafted path names, potentially modifying application behavior o...

CVE-2024-0348

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been...