CVE-2025-13816

A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be...

CVE-2025-13816

A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be...

EUVD-2025-199973

A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be...

CVE-2025-13816 moxi159753 Mogu Blog v2 ZIP File unzipFile FileOperation.unzip path traversal

A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be...

Mogu blog 路径遍历漏洞

Mogu blog is a micro-architecture based front-end and back-end shared blog system by individual developers in Streamlet, China. A path traversal vulnerability exists in Mogu blog v2 5.2 and earlier versions, which stems from the improper handling of the fileUrl parameter in the FileOperation.unzi...

PT-2025-48430

Name of the Vulnerable Software and Affected Versions moxi159753 Mogu Blog v2 versions up to 5.2 Description A security issue exists in moxi159753 Mogu Blog v2. The FileOperation.unzip function within the ZIP File Handler component, located in the /networkDisk/unzipFile file, is susceptible to pa...

CVE-2025-13787

A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management. It is possible to launch the attack...

GHSA-92X3-MFJP-J3H3 yungifez Skuul School Management System vulnerable to XSS via SVG

A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely...

EUVD-2025-199925

A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely...

CVE-2025-13784

A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely...

CVE-2025-13784

A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely...

CVE-2025-13784 yungifez Skuul School Management System SVG File edit cross site scripting

A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely...

CVE-2025-13784

CVE-2025-13784 affects yungifez Skuul School Management System up to version 2.6.5. The vulnerability lies in the SVG File Handler component, specifically in the /dashboard/schools/1/edit path, where manipulation enables cross-site scripting. The issue is exploitable remotely and exploits have be...

CVE-2025-13784 yungifez Skuul School Management System SVG File edit cross site scripting

A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely...

PT-2025-48389

Name of the Vulnerable Software and Affected Versions ZenTao versions up to 21.7.6-8564 Description A flaw exists in ZenTao related to improper privilege management. The issue is located in the file::delete function within the module/file/control.php file of the File Handler component. Manipulati...

JLSEC-2025-268 A vulnerability classified as problematic was found in LibTIFF 4.3.0

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the...

EUVD-2025-197911

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVE-2025-13262

A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to...

CVE-2025-13261

A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote...

CVE-2025-13261

A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote...