826 matches found
CVE-2025-3021
Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the ‘file’ parameter in the /downloadReport.php endpoint...
GPT Academic Open Redirect Vulnerability
GPT Academic is an interface that provides practical interaction with large language models (LLMs) such as GPT/GLM. GPT Academic suffers from an open redirect vulnerability that originates from redirecting the user to a URL specified by the user-controlled file parameter without proper validation o...
ruoyi-vue-pro Path Traversal Vulnerability
ruoyi-vue-pro is an optimized and refactored, efficient open-source backend management system framework from Taro Road source code (zhijiantianya), used for developing enterprise backends, SaaS platforms, WeChat mini program backends and so on. ruoyi-vue-pro version 2.4.1 has a security vulnerability,...
ruoyi-vue-pro Path Traversal Vulnerability
ruoyi-vue-pro is an optimized and refactored, efficient open-source backend management system framework from Taro source code (zhijiantianya), used for developing enterprise backends, SaaS platforms, WeChat mini program backends and so on. ruoyi-vue-pro version 2.4.1 has a path traversal vulnerability...
LzCMS Code Issue Vulnerability
LzCMS is a simple blogging system by the individual developer phplaozhang. A code issue vulnerability exists in LzCMS 1.1.4 and earlier versions. It stems from improper handling of the File parameter in the /admin/upload/upimage.html file and may result in arbitrary file uploads...
zz Security Vulnerability
zz is an e-commerce platform by the individual developer zj1983. A security vulnerability exists in zz 2024-8 and earlier versions. It stems from improper handling of the file parameter in the /resolve file, resulting in unrestricted uploads...
LightPicture Code Issue Vulnerability
LightPicture is an image resource management and image hosting system for enterprises, teams and individuals, by the individual developer osuuuu. A code issue vulnerability exists in LightPicture version 1.2.2, which stems from improper handling of the file parameter in the /app/controller/Api.php file, resulti...
CVE-2025-25968
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files...
CVE-2024-55457
MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially exposing sensitive information...
SIAM Industria de Automação e Monitoramento SIAM Code Injection Vulnerability
SIAM Industria de Automação e Monitoramento SIAM is software from SIAM Industria de Automação e Monitoramento for managing and configuring automation devices, user permissions, and related functions. A code injection vulnerability exists in SIAM Industria de Automação e Monitoramento SIAM versi...
CVE-2020-11738
The Snap Creek Duplicator plugin before 1.3.28 for WordPress and Duplicator Pro before 3.8.7.1 allows Directory Traversal via ../ in the file parameter to duplicatordownload or duplicatorinit...
CVE-2024-12976
A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to SQL injection. The attack may be launched remotely. The exploit...
WordPress plugin WP Image Uploader Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin.... A cross-site scripting...
PT-2025-2251 · WordPress · Wp Image Uploader
Name of the Vulnerable Software and Affected Versions: WP Image Uploader plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is related to Reflected Cross-Site Scripting via the file parameter due to insufficient input sanitization and output escaping. This allows...
CVE-2024-57549
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request...
CMSimple Security Vulnerability
CMSimple is a free, open-source content management system from CMSimple. A security vulnerability exists in CMSimple version 5.16 that originates from allowing a user to read cms source code by manipulating the filename in the file parameter of a GET request...
PT-2025-3470 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue allows a user to read the CMS source code by manipulating the file name in the file parameter of a GET request. This is due to incorrect restriction of the path name to a directory with limited...