724 matches found
Path traversal
An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to view and download content in the upload directory via path traversal...
CVE-2022-22914
CVE-2022-22914 affects Ovidentia CMS 6.0 FileManager. The issue is an incorrect access control that permits an authenticated attacker to view and download files in the upload directory via path traversal. Underlying cause: insufficient restriction on file paths in FileManager. Impact: exposure of...
Ovidentia path traversal vulnerability
Ovidentia is an open source content management system and collaboration platform based on PHP and MySQL from the French team Cantico, which can be used for publishing and managing projects, publication and article management, schedule sharing, and more. A path traversal vulnerability exis...
GHSA-F8X6-M9F5-FFP8 Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
This affects the package unisharp/laravel-filemanager prior to version 2.6.2. The upload function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload...
CVE-2021-23814
This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: 1. Install a package with a web Laravel application. 2. Navigate to the Upload...
CVE-2021-23814
CVE-2021-23814 affects unisharp/laravel-filemanager before 2.6.2. The upload() function does not adequately validate the uploaded file’s type, enabling an attacker to replace a benign image with a malicious file (e.g., webshell) and potentially achieve Remote Code Execution by submitting and modi...
PT-2021-15554 · Unknown · Unisharp/Laravel-Filemanager
Name of the Vulnerable Software and Affected Versions: unisharp/laravel-filemanager versions prior to 2.6.2 Description: The issue arises from insufficient validation of file types during the upload process, specifically in the upload function. This allows an attacker to potentially upload...
laravel-filemanager code issue vulnerability
laravel-filemanager is an open source tool from UniSharp. A code issue vulnerability exists in laravel-filemanager that stems from the upload function not adequately validating the file type during upload. An attacker can replicate the following steps to exploit the vulnerability: Install a packag...
Jfinal cms improper access control vulnerability
Jfinal CMS is a powerful information consulting website developed in Java that uses JFinal as the web framework, beetl for the template engine, MySQL for the database, and the Bootstrap framework for the front end. Improper access control vulnerabilities exist in Jfinal CMS 4.7.1 and earlier versions...
Jfinal cms improper access control vulnerability
Jfinal CMS is a powerful information consulting website developed in Java that uses JFinal as the web framework, beetl for the template engine, MySQL for the database, and the Bootstrap framework for the front end. An improper access control vulnerability exists in Jfinal CMS 4.7.1 and earlier...
CVE-2020-19155
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename' function in the component 'modules/filemanager/FileManagerController.java'...
CVE-2020-19154
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile' function in the component 'modules/filemanager/FileManagerController.java'...
CVE-2020-19147
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'getFolder' function in the component '/modules/filemanager/FileManager.java'...
Command injection
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinalcms/admin/filemanager/list'...
Improper access control
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile' function in the component 'modules/filemanager/FileManagerController.java'...
Jfinal CMS path traversal vulnerability
Jfinal CMS is a powerful information consulting website developed in Java, using JFinal as the web framework, beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. Jfinal CMS 4.7.1 and earlier versions have improper access control vulnerabilities. An attacker could use t...
CVE-2020-20642
A Cross-Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute JS code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn...
CVE-2020-20642
CVE-2020-20642: CSRF vulnerability in EyouCMS 1.3.6 allows adding an HTML page to execute JavaScript via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. Affected product is EyouCMS (ThinkPHP-based). Root cause: cross-site request forgery enabling unauthorized page creation; exact exploit path ...