182 matches found
PT-2025-51306
Name of the Vulnerable Software and Affected Versions Zomplog version 3.9 Description An authenticated attacker can inject and execute arbitrary PHP code through file manipulation endpoints. This is achieved by uploading malicious JavaScript files, renaming them to PHP, and then executing system...
CVE-2025-65474
An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...
CVE-2025-65473
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...
EUVD-2025-202703
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...
CVE-2025-65474
An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...
PT-2025-50636
Name of the Vulnerable Software and Affected Versions EasyImages versions 2.0 through 2.8.6 Description A flaw exists in the /admin/manager.php component that allows for arbitrary file renaming. An attacker can exploit this to execute arbitrary code by renaming a PHP file to an SVG format...
EUVD-2025-202767
An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...
CVE-2025-65473
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...
CVE-2025-65474
An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...
PT-2025-50635
Name of the Vulnerable Software and Affected Versions EasyImages versions 2.0 through 2.8.6 Description A flaw exists within the /admin/filer.php component that allows attackers with Administrator privileges to execute arbitrary code. This is possible by injecting a crafted payload into an upload...
CVE-2025-65474
An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...
CVE-2025-65473
CVE-2025-65473 affects EasyImages 2.0 through 2.8.6, specifically the /admin/filer.php component. A flaw allows attackers with Administrator privileges to execute arbitrary code by injecting a crafted payload into an uploaded file name, resulting in arbitrary file rename. The Red Hat, CIRCL, NVD,...
CVE-2025-65474
CVE-2025-65474 affects EasyImages 2.0 up to and including 2.8.6. The vulnerability resides in the /admin/manager.php component, where insecure file renaming can be exploited to execute arbitrary code by renaming a PHP file to an SVG format. Impact is described as arbitrary code execution with hig...
CVE-2025-13382
The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...
CVE-2025-13382 Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming
The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...
CVE-2025-13382 Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming
The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...
CVE-2025-13382
The CVE concerns the WordPress Frontend File Manager Plugin (versions up to 23.4). It is vulnerable to Insecure Direct Object Reference because the plugin does not validate file ownership before processing file rename requests via the REST endpoint /wpfm/v1/file-rename. This allows an authenticat...
PT-2025-48007
The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...
EUVD-2021-23426
Malware in sbrugna...
EUVD-2017-9565
Malware in sbrugna...