105 matches found
CVE-2024-44867
phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php...
CVE-2024-34982
An arbitrary file upload vulnerability in the component /include/file.php of lylmespage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-1034
A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclose...
CVE-2024-1034 openBI File.php uploadFile unrestricted upload
A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclose...
openBI Security Vulnerabilities
openBI is a big data visualization solution from openBI Inc. A security vulnerability exists in openBI version 1.0.8, which stems from an unrestricted file upload in the uploadFile method of the /application/index/controller/File.php file...
CVE-2024-0945 60IndexPage Parameter file.php server-side request forgery
A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotel...
CVE-2024-0352 Likeshop HTTP POST Request File.php userFormImage unrestricted upload
A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to...
CVE-2024-0341 Inis GET Request File.php path traversal
A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The explo...
CVE-2023-5790 SourceCodester File Manager App add-file.php unrestricted upload
A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotel...
Authentication flaw
An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS, allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to...
CVE-2022-44401
Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php...
CVE-2022-44401
Online Tours & Travels Management System v1.0 is affected by an arbitrary file upload vulnerability in /tour/admin/file.php. The CVE-2022-44401 entry consistently identifies the vulnerability as arbitrary file upload, implying attacker-controlled file upload could lead to high-severity impact (Co...
Path Traversal
concrete5/concrete5 is vulnerable to path traversal. The vulnerability exists because the getFileToImport function of file.php does not properly disable the chunk when uploading files, allowing an attacker to access files outside the expected directory and delete arbitrary files...
CVE-2021-45015
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72...
Arbitrary file deletion
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72...