826 matches found
CVE-2020-8429
The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. The logFile parameter in the getLogs...
CVE-2020-9467
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function...
CVE-2018-1000218
OpenEMR version v5014 contains a Cross Site Scripting (XSS) vulnerability in the 'file' parameter in line 43 of interface/fax/faxview.php that could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitable via...
Seaglider Basestation Software security vulnerability
Seaglider Basestation Software is open-source Seaglider basestation software from iop-apl-uw. A security vulnerability exists in Seaglider Basestation Software 3 3.0.4 and earlier versions, which stems from improper handling of the qcfile parameter in the file basestation3/qc.py, which could lead to a...
ssm-erp code issue vulnerability
ssm-erp is a production management ERP system by the individual developer fenghaha. A code issue vulnerability exists in ssm-erp version 1.0, which stems from improper handling of the File parameter in the file PictureServiceImpl.java, resulting in unrestricted uploads...
ContiNew Admin code injection vulnerability
ContiNew Admin is an open-source, continuously iterated middle- and back-office management system framework from ContiNew with a separated front end and back end. A code injection vulnerability exists in ContiNew Admin 3.6.0 and earlier versions, which stems from cross-site scripting due to...
CTCMS path traversal vulnerability
CTCMS (Chibi CMS) is a video content management system from the Chinese company Chibi CMS (CTCMS). A path traversal vulnerability exists in CTCMS version 2.1.2, which stems from improper handling of the File parameter in the file ctcmsappscontrollersadminTpl.php...
JeecgBoot security vulnerability
JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. A security vulnerability exists in JeecgBoot 3.8.0 and earlier versions that originates from resource consumption due to incorrect manipulation of the parameter File in the file...
Projectworlds Car Rental Project injection vulnerability
Projectworlds Car Rental Project is a car rental project by Projectworlds India. An injection vulnerability exists in Projectworlds Car Rental Project version 1.0, which stems from the mishandling of the fname parameter in the /signup.php file, which could lead to an SQL injection attack...
youkefu code issue vulnerability
youkefu is a customer service support application by the individual developer zhangyanbo2007. A code issue vulnerability exists in youkefu version 4.2.0 and earlier, which stems from improper handling of the parameter dataFile in the file mwebhandleradminsystemTemplateController.java, which could...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the showUploadForm method. Any malicious unauthenticated user can create a link that can be clicked on in the victim context to perform arbitrary actions. An attacker can execute arbitrary JavaScript code by...
BeyongCms code issue vulnerability
BeyongCms is a lightweight content management system by the individual developer youyiio. A code issue vulnerability exists in BeyongCms version 1.6.0, which stems from improper handling of the File parameter in the file /admin/theme/Upload.html, leading to unrestricted uploads...
CVE-2025-2105
The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'ravendownloadfile' function. This makes it possible for attackers to inject a PHP Object through a PH...
uzy-ssm-mall code issue vulnerability
uzy-ssm-mall (yuzu cloud e-commerce) is an SSM framework project by the individual developer ghostxbh for building e-commerce sites, bookstore malls, customer management systems and so on. A code issue vulnerability exists in uzy-ssm-mall version 1.0.0, which stems from improper manipulation of the File parameter in the file...
My-Blog-layui code issue vulnerability
My-Blog-layui is a blog system developed by ZHENFENG13. A code issue vulnerability exists in My-Blog-layui version 1.0, which stems from improper handling of the File parameter in the file /admin/upload/authorImg/, which leads to the upload of arbitrary files...
AIAS security vulnerability
AIAS is an AI one-stop solution from the individual developer Calvin. A security vulnerability exists in AIAS version 20250308, which stems from incorrect manipulation of the File parameter that can lead to unrestricted uploads...
iboot security vulnerability
iboot is a general-purpose IoT gateway and industrial IoT gateway system by the individual developer iteaj. A security vulnerability exists in iboot version 1.1.3, which stems from the mishandling of the File parameter in the file upload component /common/upload/batch, which could lead to a cross-site...
iboot security vulnerability
iboot is a general-purpose IoT gateway and industrial IoT gateway system by the individual developer iteaj. A security vulnerability exists in iboot version 1.1.3, which stems from incorrect manipulation of the File parameter that can lead to cross-site scripting...
nimrod code issue vulnerability
nimrod is a Spring Boot-based, enterprise-grade rapid development framework for monolithic applications on the Java Web platform by the individual developer godcheese. A code issue vulnerability exists in nimrod version 0.8, which stems from an incorrect operation of the parameter File that can lead t...