CVE-2021-47979

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

PT-2026-41465

Name of the Vulnerable Software and Affected Versions Backup and Restore version 1.0.3 Description Authenticated attackers can delete arbitrary files from the WordPress installation directory. This is achieved by sending POST requests to the 'admin-ajax.php' endpoint with manipulated file name an...

CVE-2026-3892

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

CVE-2026-0259

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

CVE-2026-25605

CVE-2026-25605 affects Siemens SICAM SIAPP SDK (all versions

WiseCleaner Wise Force Deleter 安全漏洞

WiseCleaner Wise Force Deleter is a file deletion tool developed by the WiseCleaner company. Versions of WiseCleaner Wise Force Deleter prior to 7.3.2 contained security vulnerabilities. These vulnerabilities stemmed from defects in the WiseDelfile64.sys component, which could allow attackers to...

CVE-2020-37078

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the deleteimport parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

CVE-2020-37080

webTareas 2.0.p8 contains a file deletion vulnerability in the printlayout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on the server through ...

i-doit Open Source CMDB 安全漏洞

i-doit Open Source CMDB is a configuration management database system developed by the German company i-doit. Version 1.14.1 of i-doit Open Source CMDB contains a security vulnerability. This vulnerability stems from a file deletion vulnerability in the deleteimport parameter of the import module...

EUVD-2026-2049

An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within th...

CVE-2018-10518

In CMS Made Simple CMSMS through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories...

CVE-2018-18891

MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete= because the authentication check occurs too late...

CVE-2022-31973

Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=deleteimg...

CVE-2022-31945

Rescue Dispatch Management System v1.0 is vulnerable to Delete any file via /rdms/classes/Master.php?f=deleteimg...

CVE-2023-29152

By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account...

CVE-2019-25296

The CVE-2019-25296 entry concerns the WP Cost Estimation WordPress plugin up to version 9.642, where missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions allows unauthenticated arbitrary file uploads and deletions. This can enable uploading arbitrary files to the se...

CVE-2019-16985

In FusionPBX up to v4.5.7, the file app\xmlcdr\xmlcdrdelete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system...

CVE-2025-65792

DataGear v5.5.0 is vulnerable to Arbitrary File Deletion...

CVE-2025-65879

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOADPATH and passed to File.delete without validation. A remote...

EUVD-2025-200119

Gin-vue-admin has an arbitrary file deletion vulnerability...