70 matches found
Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders
Summary: `modules/documents-files.php` gates state-changing modes by checking that the actor has `hasUploadRight` on the URL parameter folderuuid. The `move_save` handler then operates on a separate URL parameter fileuuid and calls `File::moveToFolder($destFolderUUID)`. `File::moveToFolder` checks the upload...
CVE-2026-25161
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains a path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
CVE-2022-27049
Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed...
CVE-2025-12494
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaximportfile function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level...
CVE-2025-12494 Image Gallery – Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaximportfile function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level...
CVE-2025-10488
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...
Exploit for CVE-2021-4191
Nuclei POC Duplicate Detection Tool This tool is written in G...
EUVD-2018-10760
Malware in sbrugna...
EUVD-2018-2593
Malware in sbrugna...
EUVD-2020-30532
Malware in sbrugna...
EUVD-2004-1668
Malware in sbrugna...
EUVD-2023-54330
Malicious code in bioql PyPI...
EUVD-2022-30036
Malicious code in bioql PyPI...
EUVD-2022-28710
Malicious code in bioql PyPI...
EUVD-2024-48515
Malicious code in bioql PyPI...
EUVD-2022-31589
Malicious code in bioql PyPI...
Arbitrary File Exfiltration
OctoPrint is vulnerable to arbitrary file exfiltration. The vulnerability is due to insufficient restrictions on file movement by users with FILEUPLOAD permission, allowing files readable by OctoPrint to be moved into the upload folder and downloaded...
CVE-2024-51491
notation-go is a collection of libraries for signing and verifying OCI artifacts, based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go...
CVE-2023-34865
Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature...
CVE-2020-9752
Naver Cloud Explorer before 2.2.2.11 allows an attacker to move a local file in any path on the filesystem with system privilege through its named pipe...