CVE-2025-7645
The CVE-2025-7645 issue affects the WordPress plugin Extensions For CF7 (Extensions For CF7: Contact Form 7 Database, Conditional Fields and Redirection). The root cause is insufficient file path validation in the delete-file field, allowing unauthenticated attackers to delete arbitrary files on ...
CVE-2012-10020 FoxyPress <= 0.4.2.1 - Arbitrary File Upload
The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to, and including, 0.4.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may...
CVE-2025-50151 Apache Jena: Configuration files uploaded by administrative users are not checked properly
File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena versions up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload...
CVE-2025-7712
The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpmangadeletezip function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, whic...
CVE-2025-7438 MasterStudy LMS – Online Courses, eLearning PRO Plus <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload
The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'installandactivateplugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with Subscriber-level access an...
PT-2025-30087 · Bosssoft · Bosssoft Crm Version 6.0
Name of the Vulnerable Software and Affected Versions: BossSoft CRM version 6.0 Description: A critical issue exists in BossSoft CRM 6.0 related to SQL injection. The vulnerability is located in an unknown functionality within the file /crm/module/HNDCBas customPrmSearchDtl.jsp. Manipulation of t...
CVE-2025-53891 TIME LINE has Improper File Validation in Upload Section
The timelineofficial/Time-Line- repository contains the source code for the TIME LINE website. A vulnerability was found in the TIME LINE website where uploaded files instruction/message media are not strictly validated for type and size. A user may upload renamed or oversized files that can...
PT-2025-29535
Name of the Vulnerable Software and Affected Versions Alone – Charity Multipurpose Non-profit WordPress Theme versions up to and including 7.8.3 Description The Alone – Charity Multipurpose Non-profit WordPress Theme is vulnerable to arbitrary file deletion due to insufficient file path validatio...
CVE-2025-6057
CVE-2025-6057 affects the WordPress plugin WPBookit, with all versions up to and including 1.0.4. The root cause is missing file type validation in handle_image_upload(), enabling authenticated attackers with Subscriber-level access and above to upload arbitrary files to the server, potentially e...
Path Traversal
github.com/ctfer-io/chall-manager is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during zip extraction due to missing checks on extracted file paths, allowing attackers to write files outside the intended directory when decoding scenario zip archive...
CVE-2025-40738
A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...
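Several entries on this page share one root cause: a user-controlled name (a zip member name in chall-manager and SINEC NMS, a delete-file parameter in the Extensions For CF7, Madara and Alone entries) is joined to a base directory without checking that the result still lies inside it. The following Python is an added example written for this page, not code from any of the listed projects or advisories. It shows the containment check that is missing, applied both to zip extraction and to a delete handler; the archive it extracts is constructed inline, and the directory and member names are assumptions.

```python
import io
import os
import tempfile
import zipfile
from pathlib import PurePosixPath
from typing import Dict, List, Tuple


def is_within_directory(base: str, target: str) -> bool:
    """True only if `target` resolves to a path inside `base`.

    realpath() makes both absolute, collapses '..' segments and follows
    symlinks, so a '../' chain, an absolute name or a symlinked directory
    cannot land the result outside `base`.
    """
    base_real = os.path.realpath(base)
    target_real = os.path.realpath(target)
    return os.path.commonpath([base_real, target_real]) == base_real


def safe_extract(archive: zipfile.ZipFile, dest: str) -> Tuple[List[str], List[str]]:
    """Write only archive members whose final path stays under `dest`.

    Returns (extracted, rejected) member names; rejected members are never
    touched on disk. This is the check the zip-extraction entries above
    describe as missing.
    """
    os.makedirs(dest, exist_ok=True)
    extracted: List[str] = []
    rejected: List[str] = []
    for member in archive.infolist():
        name = member.filename
        parts = PurePosixPath(name).parts  # zip names are '/'-separated
        # Lexical check first: no empty names, absolute names or '..' segments.
        if not parts or name.startswith(("/", "\\")) or os.path.isabs(name) or ".." in parts:
            rejected.append(name)
            continue
        target = os.path.join(dest, *parts)
        # Filesystem-aware check second: catches escapes through a symlink
        # that an earlier member of the same archive may have created.
        if not is_within_directory(dest, target):
            rejected.append(name)
            continue
        if member.is_dir():
            os.makedirs(target, exist_ok=True)
        else:
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with archive.open(member) as src, open(target, "wb") as dst:
                dst.write(src.read())
        extracted.append(name)
    return extracted, rejected


def safe_unlink(base: str, user_supplied: str) -> bool:
    """Delete `user_supplied` only when it resolves inside `base`.

    A '../' name, or an absolute path (which os.path.join would otherwise
    honour in full and discard `base`), resolves outside and is refused.
    """
    target = os.path.join(base, user_supplied)
    if not is_within_directory(base, target) or not os.path.isfile(target):
        return False
    os.unlink(target)
    return True


def build_hostile_zip() -> bytes:
    """Constructed sample archive (not taken from any advisory): one benign
    member, one classic Zip Slip member and one absolute-path member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scenario/config.yaml", "ok: true\n")
        zf.writestr("../../etc/cron.d/backdoor", "* * * * * root id\n")
        zf.writestr("/tmp/abs.txt", "absolute\n")
    return buf.getvalue()


def demo() -> Dict[str, object]:
    """Run both checks against the constructed archive in a throw-away
    directory and report what happened."""
    with tempfile.TemporaryDirectory() as dest:
        with zipfile.ZipFile(io.BytesIO(build_hostile_zip())) as zf:
            extracted, rejected = safe_extract(zf, dest)
        return {
            "extracted": extracted,
            "rejected": rejected,
            "benign_written": os.path.isfile(os.path.join(dest, "scenario", "config.yaml")),
            "traversal_delete_refused": not safe_unlink(dest, "../../etc/passwd"),
            "absolute_delete_refused": not safe_unlink(dest, "/etc/hostname"),
            "in_tree_delete_ok": safe_unlink(dest, "scenario/config.yaml"),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two details matter in practice. The lexical check alone is not enough, because a member that is itself a symlink pointing outside the tree can be followed by a later member written "through" it; resolving with realpath before each write closes that. And the check must run against the final joined path, not the raw parameter: PHP's and Python's path-join both replace the base entirely when the user string is absolute, which is exactly how the delete handlers above end up removing files anywhere on the server.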
WordPress Vikinger Path Traversal Vulnerability
WordPress Vikinger is a WordPress blog theme developed by a foreign developer. WordPress Vikinger has a path traversal vulnerability that stems from insufficient file path validation in the function vikingerdeleteactivitymediaajax, which can be exploited by an attacker to tamper with the system...
Library System Code Issue Vulnerability
Library System is a library management system. Library System has a code issue vulnerability caused by missing validation of files uploaded through the image parameter in /profile.php. An attacker can exploit this vulnerability to upload malicious files...
CVE-2025-2932
The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'fontuploadhandler' function in all versions up to, and including, 1.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delet...
WordPress plugin VikRentCar Car Rental Management System Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugins are add-ons for WordPress sites running on PHP and MySQL servers. A code issue vulnerability exists in the WordPress...
CVE-2025-5746
The Drag and Drop Multiple File Upload Pro - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dnduploadcf7uploadchunks function in version 5.0 - 5.0.5 when bundled with the PrintSpace theme and all versions up to, and including,...
Code-Projects Simple Forum Code Issue Vulnerability
Simple Forum is a simple forum application. Simple Forum has a code issue vulnerability caused by missing validation of files uploaded through the File parameter in /forum1.php. An attacker can exploit this vulnerability to upload malicious files...
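The upload entries on this page (FoxyPress, WPBookit, Drag and Drop Multiple File Upload, TIME LINE, Library System, Simple Forum) all come down to an upload handler that trusts the client-supplied file name and type. The following Python is an added example for this page, not code from any listed project; it shows the validation a handler should do before storing anything: reduce the client path to a bare name, cap the size, allow-list the final extension, confirm the body starts with that type's magic bytes, and then store under a random server-chosen name. The allow-list, size cap and sample uploads are assumptions constructed for the example.

```python
import os
import secrets
from typing import Dict, Tuple

# Allow-list of storable extensions and the magic bytes each must start with.
# Assumed policy for an image/document upload endpoint, not any product's list.
ALLOWED_MAGIC: Dict[str, Tuple[bytes, ...]] = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size cap


def validate_upload(client_name: str, data: bytes) -> Tuple[bool, str]:
    """Decide whether an upload may be stored. Returns (accepted, reason).

    Order of checks: the client path is reduced to a bare name, control
    characters are refused, the size cap is enforced, the final extension
    must be on the allow-list, and the body must begin with the magic bytes
    of the type that extension claims.
    """
    base = os.path.basename(client_name.replace("\\", "/"))
    if not base or any(ord(c) < 32 for c in base):
        return False, "empty name or control character in name"
    if len(data) > MAX_BYTES:
        return False, "body exceeds size cap"
    _, ext = os.path.splitext(base)  # '.htaccess' yields ext '' and is refused
    ext = ext.lower().lstrip(".")
    if ext not in ALLOWED_MAGIC:
        return False, f"extension '{ext or '(none)'}' not on allow-list"
    if not data.startswith(ALLOWED_MAGIC[ext]):
        return False, f"body does not start with {ext} magic bytes"
    return True, "ok"


def server_filename(ext: str) -> str:
    """Name used on disk: random and never derived from the client name, so
    'shell.php.jpg' or '../wp-config.php' cannot influence the stored path."""
    if ext not in ALLOWED_MAGIC:
        raise ValueError("extension must be validated first")
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample uploads (not from any advisory): client name -> body.
SAMPLES: Dict[str, bytes] = {
    "avatar.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    "photo.JPG": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
    "shell.php": b"<?php system($_GET['c']); ?>",
    "shell.php.jpg": b"<?php system($_GET['c']); ?>",  # renamed, no JPEG header
    "../../wp-config.php": b"<?php /* overwrite */ ?>",
    ".htaccess": b"AddType application/x-httpd-php .jpg\n",
    "huge.pdf": b"%PDF-1.4" + b"\x00" * (MAX_BYTES + 1),
}


def demo() -> Dict[str, bool]:
    """Run every constructed sample through validate_upload."""
    return {name: validate_upload(name, body)[0] for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name!r}: {'accepted' if accepted else 'rejected'}")
```

The magic-byte check is deliberately not the last line of defence: a valid JPEG with PHP appended passes it, so the stored file must also live under a random non-executable name in a directory where the web server does not run scripts, and be served with a fixed Content-Type. Refusing names with no extension (which covers `.htaccess`) matters for the same reason, since an uploaded `.htaccess` can re-enable script execution in that directory. The MasterStudy entry above is a different problem: the uploaded file is a plugin archive that is meant to be executed, so the fix there is authorization (only administrators may install plugins), not a content check.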
CVE-2025-20282
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due to a lack of file validation checks tha...
CVE-2025-49135
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the...