3118 matches found

NVD
added 2025/09/17 3:15 p.m., 3 views

CVE-2025-10595

A vulnerability has been found in SourceCodester Online Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/deleteuser.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The exploit has...

CVSS 8.8, EPSS 0.00064
Exploits: 1, References: 5

NVD
added 2025/09/16 3:15 p.m., 3 views

CVE-2009-20006

osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility admin/filemanager.php. The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to...

CVSS 9.3, EPSS 0.76356
Exploits: 0, References: 5

Cvelist
added 2025/09/16 2:33 p.m., 9 views

CVE-2009-20006 osCommerce <= 2.2 Admin File Manager Arbitrary PHP Code Execution

osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility admin/filemanager.php. The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to...

CVSS 9.3, EPSS 0.76356
Exploits: 0, References: 5

ATTACKERKB
added 2025/09/16 2:33 p.m., 0 views

CVE-2009-20006

osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility admin/filemanager.php. The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to...

CVSS 9.3, AI score 5.9, EPSS 0.76356
Exploits: 0, References: 4

CVE
added 2025/09/16 2:33 p.m., 30 views

CVE-2009-20006

The CVE-2009-20006 issue affects osCommerce

CVSS 9.3, AI score 6.7, EPSS 0.76356
Exploits: 0, References: 5

Vulnrichment
added 2025/09/16 2:33 p.m., 2 views

CVE-2009-20006 osCommerce <= 2.2 Admin File Manager Arbitrary PHP Code Execution

osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility admin/filemanager.php. The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to...

CVSS 9.3, AI score 6.7, EPSS 0.76356
Exploits: 0, References: 5

Positive Technologies
added 2025/09/16 12:0 a.m., 3 views

PT-2025-38002

Name of the Vulnerable Software and Affected Versions: osCommerce versions up to and including 2.2 RC2a. Description: osCommerce versions up to and including 2.2 RC2a contain a flaw in the administrative file manager utility admin/filemanager.php. The interface lacks sufficient input validation a...

CVSS 9.3, AI score 7.3, EPSS 0.76356
Exploits: 0, References: 7

CNNVD
added 2025/09/16 12:0 a.m., 1 view

osCommerce Security Vulnerability

osCommerce is an open source online shopping e-commerce solution from osCommerce, Inc., released under the GNU GPL license. A security vulnerability exists in osCommerce 2.2 RC2a and earlier versions, which stems from a lack of input validation and access control in the Manage File Manager tool, and could...

CVSS 9.3, AI score 6.9, EPSS 0.76356
Exploits: 0, References: 6

RedhatCVE
added 2025/09/12 11:28 p.m., 6 views

CVE-2025-10232

A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has...

CVSS 5.5, AI score 6.5, EPSS 0.00092
Exploits: 0, References: 1

NVD
added 2025/09/10 11:15 p.m., 2 views

CVE-2025-10232

A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has...

CVSS 5.5, EPSS 0.00092
Exploits: 0, References: 4

CVE
added 2025/09/10 10:32 p.m., 13 views

CVE-2025-10232

CVE-2025-10232 affects 299ko up to version 2.0.0. The vulnerability is in the file manager’s getSentDir/delete function (FileManagerAPIController.php), enabling remote, unauthenticated path traversal. Public exploit exists; vendor was contacted but did not respond. Mitigation/workarounds are not ...

CVSS 5.5, AI score 5.3, EPSS 0.00092
Exploits: 0, References: 4

Cvelist
added 2025/09/10 10:32 p.m., 7 views

CVE-2025-10232 299ko FileManagerAPIController.php delete path traversal

A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has...

CVSS 5.5, EPSS 0.00092
Exploits: 0, References: 4

Vulnrichment
added 2025/09/10 10:32 p.m., 3 views

CVE-2025-10232 299ko FileManagerAPIController.php delete path traversal

A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has...

CVSS 5.5, AI score 6.3, EPSS 0.00092
Exploits: 0, References: 4

Positive Technologies
added 2025/09/10 12:0 a.m., 5 views

PT-2025-37103

Name of the Vulnerable Software and Affected Versions: 299ko versions up to 2.0.0 Description: A weakness exists in 299ko due to path traversal in the getSentDir/delete function of the plugin/filemanager/controllers/FileManagerAPIController.php file. This issue is remotely exploitable, and the...

CVSS 5.5, AI score 5, EPSS 0.00092
Exploits: 0, References: 6

Tenable Nessus
added 2025/09/10 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-3124

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack ...

CVSS 5.3, AI score 6.2, EPSS 0.08664
Exploits: 2, References: 2

CNNVD
added 2025/09/10 12:0 a.m., 1 view

299Ko Path Traversal Vulnerability

299Ko is a simple, fast and lightweight open-source content management system from 299Ko. 299Ko 2.0.0 and earlier versions contain a path traversal vulnerability. The vulnerability stems from the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php, the wrong...

CVSS 5.5, AI score 5.5, EPSS 0.00092
Exploits: 0, References: 4

Tenable Nessus
added 2025/09/10 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-3125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, li...

CVSS 8.8, AI score 7.4, EPSS 0.01508
Exploits: 2, References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-27842

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php...

CVSS 8.8, AI score 8.3, EPSS 0.45154
Exploits: 2, References: 2

RedhatCVE
added 2025/09/06 11:25 a.m., 3 views

CVE-2025-41037

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataFileManagersearch' parameter in /apprain/admin/filemanager...

CVSS 5.4, AI score 6.1, EPSS 0.0004
Exploits: 0, References: 1

Snyk
added 2025/09/04 11:45 a.m., 5 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the dataFileManagersearch parameter in the /apprain/admin/filemanager process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that is...

CVSS 5.4, AI score 5.5, EPSS 0.0004
Exploits: 0, References: 2