ChestnutCMS 代码问题漏洞

ChestnutCMS is a front-end and back-end separated enterprise-level content management system by liweiyi individual developers. A code issue vulnerability exists in liweiyi ChestnutCMS 1.5.8 and earlier versions, which stems from the incorrect operation of the parameter File in the file...

CVE-2025-12496

The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...

CVE-2025-12496

The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...

CVE-2025-12835 WooMulti <= 1.7 - Subscriber+ Arbitrary File Deletion

The WooMulti WordPress plugin through 17 does not validate a file parameter when deleting files, which could allow any authenticated users, such as subscriber to delete arbitrary files on the server...

CVE-2023-53772

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device...

EUVD-2023-60180

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device...

CVE-2023-53772

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device...

CVE-2023-53772

CVE-2023-53772 concerns MiniDVBLinux 5.4 with an arbitrary file disclosure via the about page. The vulnerability arises from improper handling of the GET parameter file used to disclose arbitrary file contents, enabling path traversal to read system files. Public descriptions from multiple source...

CVE-2023-53772 MiniDVBLinux 5.4 Arbitrary File Read Vulnerability via About Page

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device...

CVE-2023-53772 MiniDVBLinux 5.4 Arbitrary File Read Vulnerability via About Page

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device...

PT-2025-50269

Name of the Vulnerable Software and Affected Versions MiniDVBLinux version 5.4 Description MiniDVBLinux version 5.4 contains a flaw that allows attackers to read sensitive system files. This is possible through the 'file' GET parameter on the about page, enabling disclosure of arbitrary file...

CVE-2025-14195

A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/addfilequery.php. The manipulation of the argument perfile results in unrestricted upload. The attack may be launched remotely. The exploit has been...

CVE-2025-14182

A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to t...

Code-Projects Employee Profile Management System 代码问题漏洞

Employee Profile Management System is an employee profile management system. Employee Profile Management System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter perfile in the file /profiling/addfilequery.php. No details of the...

PT-2025-49393

Name of the Vulnerable Software and Affected Versions Sobey Media Convergence System versions 2.0 through 2.1 Description A path traversal issue exists in Sobey Media Convergence System versions 2.0 and 2.1. The issue is related to the manipulation of the File argument within the...

Sobey Media Convergence System 路径遍历漏洞

The Sobey Media Convergence System is a media convergence system from the Chinese company Sobey. A path traversal vulnerability exists in Sobey Media Convergence System versions 2.0 and 2.1, which can be caused by incorrect manipulation of the File parameter in the file...

CVE-2020-36878

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local...

CVE-2020-36878

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local...

EUVD-2020-30826

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local...

CVE-2020-36878

CVE-2020-36878 affects ReQuest Serious Play Media Player 3.0 and older builds (3.0.0, 2.1.0.831, 1.5.2.822, 1.5.2.821, 1.5.1.820). The issue is an unauthenticated directory traversal/file disclosure caused by improper verification of the file parameter used by tail.html and file.html scripts to r...