
825 matches found

Positive Technologies
added 2026/01/01 12:0 a.m., 7 views

PT-2026-1004

Name of the Vulnerable Software and Affected Versions: campcodes School File Management System version 1.0. Description: A security issue exists in campcodes School File Management System 1.0. The issue involves unrestricted file upload due to manipulation of the File argument within an unknown...

8.8 CVSS, 6.1 AI score, 0.00259 EPSS
Exploits: 1, References: 9

OSV
added 2025/12/30 11:15 p.m., 1 view

CVE-2022-50792

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected...

7.5 CVSS, 5.8 AI score, 0.01349 EPSS
Exploits: 2, References: 5

NVD
added 2025/12/30 11:15 p.m., 5 views

CVE-2022-50792

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected...

8.7 CVSS, 0.01349 EPSS
Exploits: 2, References: 5

Cvelist
added 2025/12/30 10:41 p.m., 23 views

CVE-2022-50792 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated File Disclosure Vulnerability

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected...

8.7 CVSS, 0.01349 EPSS
Exploits: 2, References: 5

CVE
added 2025/12/30 10:41 p.m., 10 views

CVE-2022-50792

CVE-2022-50792 concerns SOUND4 IMPACT/FIRST/PULSE/Eco products (2.x and below) with an unauthenticated file disclosure vulnerability reachable over the network. The issue arises from allowing manipulation of the GET parameter file to disclose arbitrary device files (path traversal-like behavior d...

8.7 CVSS, 6.5 AI score, 0.01349 EPSS
Exploits: 2, References: 5, Affected Software: 1

OSV
added 2025/12/30 11:15 a.m., 1 view

CVE-2025-15245

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and...

3.3 CVSS, 5.4 AI score, 0.00536 EPSS
Exploits: 1, References: 5

CNNVD
added 2025/12/30 12:0 a.m., 1 view

newbee-mall-plus security vulnerability

newbee-mall-plus is an open source e-commerce system by newbee-ltd. A security vulnerability exists in version 2.0.0 of newbee-mall-plus, which stems from the incorrect manipulation of the parameter File in the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java, which coul...

7.2 CVSS, 5.7 AI score, 0.00346 EPSS
Exploits: 1, References: 4

CNNVD
added 2025/12/28 12:0 a.m., 3 views

Lin-CMS-TP5 code injection vulnerability

Lin-CMS-TP5 is a content management system by individual developer ChenJinchuang. A code injection vulnerability exists in Lin-CMS-TP5 0.3.3 and earlier versions, which originates from the incorrect handling of the parameter File in the file application/lib/file/LocalUploader.php, which may lead...

6.5 CVSS, 6.7 AI score, 0.00291 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2025/12/27 12:5 a.m., 20 views

CVE-2024-42718

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...

6.5 CVSS, 6.9 AI score, 0.00597 EPSS
Exploits: 2, References: 1

CNNVD
added 2025/12/27 12:0 a.m., 4 views

XCMS code issue vulnerability

XCMS is a CMS website builder system by individual developer JackQ. A code issue vulnerability exists in jackq XCMS, which stems from incorrect manipulation of the parameter File in the file Admin/Home/Controller/ProductImageController.class.php, which could lead to unlimited uploads...

7.2 CVSS, 5 AI score, 0.00344 EPSS
Exploits: 1, References: 5

EUVD
added 2025/12/26 6:30 p.m., 3 views

EUVD-2024-55362

Croogo CMS has a path traversal vulnerability...

7.5 CVSS, 6.4 AI score, 0.00597 EPSS
Exploits: 2, References: 3

Snyk
added 2025/12/26 6:30 p.m., 3 views

Directory Traversal

Overview: croogo/croogo is an Open Source CMS built for everyone. Affected versions of this package are vulnerable to Directory Traversal via the edit-file parameter. An attacker can access arbitrary files on the server by supplying a specially crafted path. Details: A Directory Traversal attack al...

7.1 CVSS, 7.6 AI score, 0.00597 EPSS
Exploits: 2, References: 2

Github Security Blog
added 2025/12/26 6:30 p.m., 6 views

Croogo CMS has a path traversal vulnerability

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...

6.5 CVSS, 6.9 AI score, 0.00597 EPSS
Exploits: 2, References: 4, Affected Software: 1

NVD
added 2025/12/26 5:15 p.m., 3 views

CVE-2024-42718

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...

6.5 CVSS, 0.00597 EPSS
Exploits: 2, References: 2

OSV
added 2025/12/26 5:15 p.m., 3 views

CVE-2024-42718

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...

6.5 CVSS, 6.8 AI score, 0.00597 EPSS
Exploits: 2, References: 2

Vulnrichment
added 2025/12/26 12:0 a.m., 2 views

CVE-2024-42718

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...

6.5 AI score, 0.00597 EPSS
Exploits: 2, References: 2

CNNVD
added 2025/12/26 12:0 a.m., 3 views

Croogo security vulnerability

Croogo is an open source content management system (CMS) built on the CakePHP framework. The system provides customizable content types such as Blog, Node and Page, content editing with a WYSIWYG editor, and other features. Croogo version 4.0.7 has a security vulnerability, th...

6.5 CVSS, 6.4 AI score, 0.00597 EPSS
Exploits: 2, References: 3

CVE
added 2025/12/26 12:0 a.m., 6 views

CVE-2024-42718

CVE-2024-42718 affects Croogo CMS 4.0.7 and is a path-traversal vulnerability that allows remote attackers to read arbitrary files via a crafted value in the edit-file parameter. The issue is documented across multiple feeds (Red Hat, CIRCL, OSV, NVD, etc.) with the same description. The CVE entr...

6.5 CVSS, 6.5 AI score, 0.00597 EPSS
Exploits: 2, References: 2, Affected Software: 1

OSV
added 2025/12/24 1:16 a.m., 3 views

CVE-2025-15050

A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /savefile.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed publicly...

8.8 CVSS, 5.5 AI score, 0.00289 EPSS
Exploits: 1, References: 6

CNNVD
added 2025/12/24 12:0 a.m., 4 views

Code-Projects Student File Management System code issue vulnerability

Code-Projects Student File Management System is an open source student file management system from Code-Projects. A code issue vulnerability exists in Code-Projects Student File Management System version 1.0, which stems from incorrect manipulation of the parameter File in the file /savefile.php,...

8.8 CVSS, 6.6 AI score, 0.00289 EPSS
Exploits: 1, References: 7