70 matches found
CVE-2025-13949
The CVE-2025-13949 exposure affects ProudMuBai GoFilm 1.0.0/1.0.1, specifically the SingleUpload function in /server/controller/FileController.go. The vulnerability stems from improper validation/manipulation of the File parameter, enabling unrestricted file uploads. Attacks may be initiated remo...
PT-2025-48813
A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file /server/controller/FileController.go. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available and...
EUVD-2025-24137
Malicious code in bioql PyPI...
EUVD-2022-32543
Malicious code in bioql PyPI...
CVE-2025-8841
A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. The manipulation leads to unrestricted upload. The attack can be...
CVE-2025-8841 zlt2000 microservices-platform FileController.java upload unrestricted upload
A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. The manipulation leads to unrestricted upload. The attack can be...
zlt-microservices-platform security vulnerability
zlt-microservices-platform is a platform system for zlt individual developers. A security vulnerability exists in zlt-microservices-platform version 6.0.0 and earlier, which originates from the file zlt-business/file-center/src/main/java/com/central/file/controller/ The upload function in...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the GetFile function in the filecontroller.go. An attacker can access arbitrary files on the server by manipulating the fileName argument. Details A Directory Traversal attack also known as path traversal aims to...
ssm-erp path traversal vulnerability
ssm-erp is a production management ERP system by fenghaha individual developer. A path traversal vulnerability exists in ssm-erp version 1.0, which stems from an incorrect operation of the file FileController.java that results in path traversal...
CVE-2025-2194
CVE-2025-2194 affects MRCMS 3.1.2: cross-site scripting in the FileController.list.do endpoint caused by manipulating the path parameter. Exploit disclosed; remote initiation possible. Mitigations from PT-2025-10751 include disabling the /admin/file/list.do function or restricting access, and avo...
CVE-2024-57451
ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory...
CVE-2024-57452
ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder...
CVE-2025-0703
A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This issue affects some unknown processing of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument name leads ...
CVE-2025-0702
A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument portraitFile leads to unrestricted...
PT-2025-2025 · Unknown · Mysiteforme
Name of the Vulnerable Software and Affected Versions: wangl1989 mysiteforme version 1.0 Description: A critical issue affects the doContent function of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the content argument leads to server-side...
CVE-2024-9293
A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. Affected by this vulnerability is the function list of the file /app/admin/controller/file/File.php of the component Backend. The manipulation of the argument isdisable leads to sql injection. The attack can be...
PT-2024-20242 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: An arbitrary file upload issue exists, allowing an attacker to perform arbitrary file downloads by passing a specially crafted filename parameter. This issue is related to the upload functi...
CVE-2023-7037
A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated remotely. The exploit ha...
PT-2023-32845 · Automad · Automad
Name of the Vulnerable Software and Affected Versions: automad versions up to 1.10.9 Description: A critical issue affects the import function in the FileController.php file, where the manipulation of the importUrl argument leads to server-side request forgery. This can be initiated remotely and...