PT-2026-45041

Summary modules/documents-files.php gates state-changing modes by checking that the actor has hasUploadRight on the URL parameter folder uuid. The move save handler then operates on a separate URL parameter file uuid and calls File::moveToFolder$destFolderUUID. File::moveToFolder checks the uploa...

CVE-2026-4347

The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generateuserfilepath' function and the 'movetempfiletouploaddir' function in all versions up to, and including, 5.1.0. This makes it possible for unauthenticated attackers ...

CVE-2018-10521

In CMS Made Simple CMSMS through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory...

BP Group Documents 1.2.1 XSS / CSRF / File Move

Details below. We intended to publish these earlier, but they slipped through the net. The most recent version is 1.5, and all these were reported fixed in 1.2.2. First one: https://security.dxw.com/advisories/stored-xss-vulnerability-in-bp-group-documents-1-2-1/ Details ================ Software...