459 matches found
CVE-2022-30117
Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changin...
CVE-2022-4748
A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to path traversal. The...
CVE-2022-30059
Shopwind <=v3.4.2 was discovered to contain an Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php...
CVE-2022-45697
Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory...
CVE-2021-45338
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security...
CVE-2020-28187
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, (2) Event parameter to /include/ajax/logtable.php, or (3) opt parameter to...
CVE-2019-15627
Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected...
CVE-2019-1010150
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php...
CVE-2025-5029 Kingdee Cloud Galaxy Private Cloud BBC System File deleteFileAction.jhtml path traversal
A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the...
CVE-2025-30005
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2024-54291 WordPress PluginPass plugin <= 0.9.10 - Arbitrary File Download/Delete vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NotFound PluginPass allows Manipulating Web Input to File System Calls. This issue affects PluginPass: from n/a through 0.9.10...
CVE-2024-54291 WordPress PluginPass plugin <= 0.9.10 - Arbitrary File Download/Delete vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in labs64 PluginPass pluginpass-pro-plugintheme-licensing allows Manipulating Web Input to File System Calls. This issue affects PluginPass: from n/a through <= 0.9.10...
Directory Traversal
Overview: dbgpt (DB-GPT) is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can be assured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...
WordPress PluginPass plugin <= 0.9.10 - Arbitrary File Download/Delete vulnerability
Arbitrary File Download/Delete vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin PluginPass versions <= 0.9.10...
CVE-2025-2193
CVE-2025-2193 concerns MRCMS 3.1.2. A path traversal vulnerability exists in the delete function of /admin/file/delete.do within the org.marker.mushroom.controller.FileController, enabling remote exploitation via manipulation of the path/name argument. Public exploit details are present in multip...
CVE-2020-13522
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability...
CVE-2024-7258
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2024-12643
The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-12646
The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...