XBoot 代码问题漏洞

XBoot is a one-stop front-end and back-end separation rapid development platform for Exrick individual developers. A code issue vulnerability exists in XBoot 3.3.4 and prior versions, which stems from an incorrect manipulation of the parameter File resulting in unlimited uploads...

CVE-2025-50184

DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be...

CVE-2025-50184 DbGate allows for File Traversal via file parameter

DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be...

CVE-2025-50184 DbGate allows for File Traversal via file parameter

DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be...

CVE-2025-50184

DbGate (cross‑platform database manager) contains a directory traversal vulnerability in the uploads/file handling. In versions 6.4.3-premium-beta.5 and earlier, the file parameter is not restricted to the uploads directory, allowing an attacker to craft a path to read arbitrary files outside tha...

DbGate 安全漏洞

DbGate is a database manager in the DbGate open source. A security vulnerability exists in DbGate 6.4.3-premium-beta.5 and earlier versions, which stems from insufficient validation of file parameters and can lead to directory traversal...

Code-Projects Document Management System 代码问题漏洞

Code-Projects Document Management System is an open source document management system from Code-Projects. A code issue vulnerability exists in Code-Projects Document Management System version 1.0, which stems from an incorrect manipulation of the parameter uploadedfile in file/insert.php resultin...

Metasoft MetaCRM 代码问题漏洞

Metasoft MetaCRM is a customer relationship management system software from China Metasoft Metasoft. A code issue vulnerability exists in Metasoft MetaCRM 6.4.2 and prior versions, which arises from an arbitrary file upload due to incorrect operation of the parameter File in file...

Metasoft MetaCRM 代码问题漏洞

Metasoft MetaCRM is a customer relationship management system software from China Metasoft Metasoft. A code issue vulnerability exists in Metasoft MetaCRM 6.4.2 and prior versions, which stems from an unrestricted upload due to improper handling of the parameter File in the file sendfile.jsp...

Metasoft MetaCRM 代码问题漏洞

Metasoft MetaCRM is a customer relationship management system software from China Metasoft Metasoft. A code issue vulnerability exists in Metasoft MetaCRM 6.4.2 and prior versions, which stems from an incorrect operation of the File parameter in the file mobileupload.jsp that results in an...

Metasoft MetaCRM 代码问题漏洞

Metasoft MetaCRM is a customer relationship management system software from China Metasoft Metasoft. A code issue vulnerability exists in Metasoft MetaCRM 6.4.2 and prior versions, which stems from an arbitrary file upload due to incorrect manipulation of parameter File in file...

CVE-2025-7180

A vulnerability, which was classified as critical, has been found in code-projects Staff Audit System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument User leads to sql injection. The attack may be initiated remotely. The exploit has been...

Flatboard Pro 跨站脚本漏洞

Flatboard Pro is an open source forum system by Flatboard. A cross-site scripting vulnerability exists in Flatboard Pro versions prior to 3.2.2, which stems from insufficient validation of the replace parameter input in config.php, and could lead to a stored cross-site scripting attack...

CVE-2025-6848

A vulnerability, which was classified as critical, has been found in code-projects Simple Forum 1.0. This issue affects some unknown processing of the file /forum1.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been...

Code-Projects Simple Forum 注入漏洞

Simple forum is a simple forum. Simple forum suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter File in the file /forum1.php. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...

LangChain-Chatchat 路径遍历漏洞

LangChain-Chatchat is a Chatchat-Space open source chatbot software developed based on the LangChain framework. A path traversal vulnerability exists in LangChain-Chatchat 0.3.1 and earlier versions, which stems from path traversal due to incorrect manipulation of the parameter flag in the file...

DB-GPT 路径遍历漏洞

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A path traversal vulnerability exists in DB-GPT 0.7.2 and earlier versions, which stems from path traversal due to incorrect operation of the parameter File in the file...

X-SpringBoot 路径遍历漏洞

X-SpringBoot is a lightweight Java rapid development platform for czx individual developers. X-SpringBoot 5.0 and previous versions of path traversal vulnerability exists, the vulnerability stems from the wrong operation of the parameter File in the file /sys/oss/upload/apk, resulting in path...

CVE-2025-34022

A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/getfile.php script in the “Download Archive in Storage” page fail...

RuoYi AI 代码问题漏洞

RuoYi AI is a full-stack AI development platform for ageerle individual developers, designed to help developers rapidly build and deploy personalized AI applications. A code issue vulnerability exists in RuoYi AI version 2.0.0, which stems from an incorrect operation of the parameter File leading...