wtcms Security Vulnerability
wtcms is a ThinkPHP-based content management system (CMS) by the individual developer Taosir. A security vulnerability exists in wtcms version 1.0, which stems from improper access control in the file CommonControllerHomebaseController.class.php...
CVE-2024-47883 Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local...
PT-2025-17573
Name of the Vulnerable Software and Affected Versions: Jmix versions 1.0.0 through 1.6.1; Jmix versions 2.0.0 through 2.3.4. Description: The issue affects Jmix, a set of libraries and tools for Spring Boot data-centric application development. It allows manipulation of the input parameter, which...
CVE-2024-10290
A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...
ZZCMS Information Disclosure Vulnerability
ZZCMS is a content management system (CMS) by the ZZCMS team in China. An information disclosure vulnerability exists in ZZCMS version 2023, originating from file operations in 3/qq-connect2.0/API/com/inc.php that can lead to information disclosure...
PT-2024-16173 · Unknown · Phpgurukul Medical Card Generation System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Medical Card Generation System version 1.0 Description: A critical issue has been found in the View Enquiry Page component, specifically affecting the file /admin/view-enquiry.php. The manipulation of the viewid argument leads to S...
Path Traversal
Lollms is vulnerable to a path traversal vulnerability. The vulnerability is due to improper validation of file paths in the lollmsfilesystem.py file, where functions like addragdatabase, togglemountragdatabase, and vectorizefolder lack necessary security measures, allowing attackers to access an...
CVE-2024-49215
...
Directory Traversal
Gradio is vulnerable to Directory Traversal. The vulnerability is due to improper file path handling in the /custom_component endpoint, allowing attackers to access source code from custom components by manipulating the file path...
Arbitrary Code Execution
github.com/liamg/gitjacker is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling of file paths, allowing directory traversal with a crafted .git directory...
A vulnerability in the OpenSSH cryptographic protection mechanism for Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability in the OpenSSH cryptographic security mechanism for Windows operating systems is caused by external control of file names or file paths. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2024-7514
The Comments Import & Export plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access an...
CVE-2024-47166
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /custom_component endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
PYSEC-2024-213
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the is_in_or_equal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that...
CVE-2024-47166 One-level read path traversal in `/custom_component` in Gradio
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /custom_component endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
GHSA-37QC-QGX6-9XJV Gradio has a one-level read path traversal in `/custom_component`
Impact: What kind of vulnerability is it? Who is impacted? This vulnerability involves a one-level read path traversal in the /custom_component endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the request. Althou...
Codezips Pharmacy Management System SQL Injection Vulnerability
Codezips Pharmacy Management System is a pharmacy management system from Codezips. A SQL injection vulnerability exists in Codezips Pharmacy Management System version 1.0, which stems from the id parameter in the file produc/update.php that can lead to SQL injection...
Gradio Path Traversal Vulnerability
Gradio is an open-source Python library from Hugging Face for demonstrating machine learning models through a friendly web interface. Gradio suffers from a path traversal vulnerability that stems from the is_in_or_equal function designed to check whether a file is located in a...
PT-2024-32447 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.0 Description: This issue relates to the bypass of directory traversal checks within the is_in_or_equal function. The function, intended to check if a file resides within a given directory, can be bypassed with...
CVE-2024-47563
A vulnerability has been identified in SINEC Security Monitor All versions V4.9.0. The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable...