826 matches found

RedhatCVE
added 2025/09/11 12:16 a.m., 22 views

CVE-2025-57633

A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...

CVSS 9.8, AI score 8.3, EPSS 0.01468
Exploits 0, References 1
CNNVD
added 2025/09/09 12:00 a.m., 1 view

FTP-Flask-python security vulnerability

FTP-Flask-python is a Python library by the individual developer Ajay Pandurang Paratmandali. A security vulnerability exists in FTP-Flask-python 5173b68 and earlier versions, which stems from the ftpfile parameter not being sanitized or escaped, which could lead to remote command execution...

CVSS 9.8, AI score 7, EPSS 0.01468
Exploits 0, References 3
Vulnrichment
added 2025/09/09 12:00 a.m., 2 views

CVE-2025-57633

A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...

AI score 7.7, EPSS 0.01468
Exploits 0, References 2
Cvelist
added 2025/09/09 12:00 a.m., 27 views

CVE-2025-57633

A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...

EPSS 0.01468
Exploits 0, References 2
CVE
added 2025/09/08 3:32 a.m., 17 views

CVE-2025-10081

CVE-2025-10081 affects SourceCodester Pet Management System v1.0. The flaw is in /admin/profile.php, where manipulating the website_image argument enables unrestricted file upload, with remote exploitation possible. The vulnerability is corroborated by multiple sources; an exploit has been publis...

CVSS 7.2, AI score 4.7, EPSS 0.00427
Exploits 1, References 5, Affected Software 1
CNNVD
added 2025/09/01 12:00 a.m., 4 views

Sim Studio security vulnerability

Sim Studio is an AI agent workflow builder from Sim Studio Open Source. A security vulnerability exists in Sim Studio that stems from an arbitrary file upload caused by improper handling of the File parameter in the file apps/sim/app/api/files/upload/route.ts...

CVSS 6.5, AI score 6.5, EPSS 0.00285
Exploits 1, References 8
Vulnrichment
added 2025/08/31 5:32 p.m., 1 view

CVE-2025-9739 Campcodes Online Water Billing System process.php sql injection

A vulnerability has been found in Campcodes Online Water Billing System 1.0. Affected by this issue is some unknown functionality of the file /process.php. The manipulation of the argument Username leads to SQL injection. The attack can be carried out remotely. The exploit has been...

CVSS 7.5, AI score 7, EPSS 0.00383
Exploits 1, References 5
OSV
added 2025/08/26 6:15 a.m., 2 views

CVE-2025-9475

A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /AdminDashboard/process/editemployeeprocess.php. This manipulation of the argument employeefile201 causes unrestricted upload. The attack may be...

CVSS 9.8, AI score 5.5, EPSS 0.00455
Exploits 1, References 6
NVD
added 2025/08/26 6:15 a.m., 4 views

CVE-2025-9475

A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /AdminDashboard/process/editemployeeprocess.php. This manipulation of the argument employeefile201 causes unrestricted upload. The attack may be...

CVSS 9.8, EPSS 0.00455
Exploits 1, References 6
CVE
added 2025/08/26 6:02 a.m., 22 views

CVE-2025-9476

CVE-2025-9476 affects the SourceCodester Human Resource Information System 1.0, specifically an issue in the file /Superadmin_Dashboard/process/editemployee_process.php. The vulnerability arises from manipulation of the argument employee_file201, enabling an unrestricted file upload. This can be ...

CVSS 9.8, AI score 7.2, EPSS 0.00455
Exploits 1, References 6, Affected Software 1
CVE
added 2025/08/26 12:00 a.m., 17 views

CVE-2025-50971

CVE-2025-50971 affects AbanteCart v1.4.2, exposing a directory traversal flaw that allows unauthenticated access to sensitive system files via the template parameter in index.php. Impact is a confidentiality breach; there is no indication of integrity/availability compromise in the provided sourc...

CVSS 7.5, AI score 6.8, EPSS 0.00907
Exploits 1, References 1, Affected Software 1
CNNVD
added 2025/08/25 12:00 a.m., 3 views

Yifang CMS security vulnerability

Yifang CMS is a PHP enterprise website development and construction management system from China Yifang Company. A security vulnerability exists in Yifang CMS 2.0.5 and earlier versions, which originates from the improper handling of the File parameter in the mergeMultipartUpload function in the...

CVSS 8.8, AI score 6.4, EPSS 0.00296
Exploits 0, References 5
RedhatCVE
added 2025/08/16 10:10 a.m., 4 views

CVE-2025-7761

Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation of one of the parameters of the index.php form allows arbitrary JavaScript to be executed in the victim's browser when a specially crafted URL is opened. The vendor was contacted early about this disclosure but did no...

CVSS 5.1, AI score 6.5, EPSS 0.00417
Exploits 0, References 1
NVD
added 2025/08/14 10:15 a.m., 12 views

CVE-2025-7761

Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation of one of the parameters of the index.php form allows arbitrary JavaScript to be executed in the victim's browser when a specially crafted URL is opened. The vendor was contacted early about this disclosure but did no...

CVSS 5.1, EPSS 0.00417
Exploits 0, References 2
CNNVD
added 2025/08/14 12:00 a.m., 2 views

litemall code issue vulnerability

litemall is a small shopping mall system by the individual developer linlinjava. A code issue vulnerability exists in litemall 1.8.0 and earlier versions, which stems from improper handling of the File parameter in the file...

CVSS 8.8, AI score 7.1, EPSS 0.00337
Exploits 1, References 6
Vulnrichment
added 2025/08/12 7:01 p.m., 2 views

CVE-2025-55169 WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application at the html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to...

CVSS 10, AI score 6.6, EPSS 0.01448
Exploits 1, References 3
NVD
added 2025/08/09 7:15 p.m., 7 views

CVE-2025-8764

A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclose...

CVSS 6.5, EPSS 0.00223
Exploits 1, References 5
CNNVD
added 2025/08/09 12:00 a.m., 4 views

litemall code issue vulnerability

litemall is a small shopping mall system by the individual developer linlinjava. A code issue vulnerability exists in litemall 1.8.0 and earlier versions, which stems from improper handling of the File parameter in the file /wx/storage/upload and could lead to unrestricted file upload...

CVSS 6.5, AI score 6.4, EPSS 0.00223
Exploits 1, References 6
CNNVD
added 2025/08/06 12:00 a.m., 3 views

Bottinelli Informatical Vedo Suite security vulnerability

Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. Bottinelli Informatical Vedo Suite suffers from a server-side request forgery vulnerability, which originates from the /apivedo/video/preview endpoint that do...

CVSS 6.5, AI score 7.2, EPSS 0.00463
Exploits 2, References 3
Snyk
added 2025/08/04 7:42 p.m., 3 views

Directory Traversal

Overview: vvvebjs is a drag and drop website builder JavaScript library. Affected versions of this package are vulnerable to Directory Traversal via the File argument in the /save.php endpoint. An attacker can access or modify files outside the intended directory by supplying crafted input to the...

CVSS 5, AI score 7.7, EPSS 0.00314
Exploits 1, References 2