10 matches found
GHSA-J4H9-PM27-4RFW OctoPrint has possible file exfiltration via query parameters on upload endpoints
Impact OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be...
PT-2026-51635
Name of the Vulnerable Software and Affected Versions OctoPrint versions prior to 1.11.8 OctoPrint versions 2.0.0rc1 through 2.0.0rc2 Description An issue exists where an attacker with FILE UPLOAD permissions can exfiltrate files from the host that OctoPrint has read access to by moving them into...
CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting
Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...
PT-2025-46912
Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.13.0 Description Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS issue exists that allows users with upload files and edit item permissions to...
CVE-2025-6465
Mattermost Server is affected by CVE-2025-6465 due to failure to sanitize file names in file streaming APIs, enabling path-traversal to overwrite attachment thumbnails by users with file upload permission. Affected versions include Mattermost Server 10.8.x up to 10.8.3, 10.5.x up to 10.5.8, 10.10...
CVE-2022-45968
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder even a password protected one...
CVE-2021-3164
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php...
CVE-2021-3164
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php...
Church Rota 2.6.4 Shell Upload
import requests from pwn import listen CVE-2021-3164 Church Rota version 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file. The application is written primarily with PHP so we use PHP ...
WordPress InBoundio Marketing Plugin 1.0 /admin/partials/csv_uploader.php 文件上传漏洞
/admin/partials/csvuploader.php?php $ds = DIRECTORYSEPARATOR; //1 $storeFolder = 'uploadedcsv'; //2 if !empty$FILES $FILES'file''name' = pregreplace'/^A-Za-z0-9 .-/', '', $FILES'file''name'; $FILES'file''name' = pregreplace'/\s+/', '', $FILES'file''name'; $tempFile = $FILES'file''tmpname'; //3...