11 matches found
Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move
Summary: Gotenberg blocks certain ExifTool tag names like FileName and Directory to stop attackers from renaming or moving files on the server. But ExifTool allows a longer form of the same tag — System:FileName — which does the exact same thing. Gotenberg only checks if the tag is exactly FileNam...
CVE-2026-6257
CVE-2026-6257 affects Vvveb CMS v1.0.8. A missing return in the file rename handler in the media management module enables an authenticated user to perform a two-step file-rename: first upload a text file, rename to “.htaccess” to inject PHP MIME-type directives, then rename another file to “.php...
EUVD-2018-8205
Malware in sbrugna...
EUVD-2018-2588
Malware in sbrugna...
EUVD-2017-9565
Malware in sbrugna...
CVE-2025-2195
CVE-2025-2195 affects MRCMS 3.1.2, where the vulnerable component is the rename function in /admin/file/rename.do (org.marker.mushroom.controller.FileController). The manipulation of the name/path argument enables cross-site scripting (XSS); the issue can be exploited remotely and exploitation ha...
CVE-2022-3125
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...
WordPress plugin Frontend File Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
The vulnerability of the ext4_xattr_set_entry() function in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the ext4_xattr_set_entry() function in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure during the renaming of a file in a specially created ext4 file system image...
File Renaming Vulnerability in CMS Made Simple v2.2.5
CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engines. A file renaming vulnerability exists in CMS Made Simple v2.2.5 due to the system failing to effectively filter input parameters. An attacker can exploit this vulnerability to...
CVE-2015-4032
CVE-2015-4032 affects Visual Mining NetCharts Server, specifically projectContents.jsp in Developer tools. The documented vulnerability allows remote attackers to rename arbitrary files, enabling arbitrary code execution via unspecified vectors. This is supported by multiple sources (e.g., ZDI-15...