941 matches found
PT-2023-19466 · Unknown · Zhong Bang Crmeb
Name of the Vulnerable Software and Affected Versions: Zhong Bang CRMEB version 4.6.0
Description: A critical issue affects the videoUpload function in the file SystemAttachmentServices.php, allowing unrestricted upload through manipulation of the filename argument. This can be initiated remotely...
CVE-2023-29800
TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...
Command injection
TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...
PT-2023-3156 · Totolink · Totolink X18
Name of the Vulnerable Software and Affected Versions: TOTOLINK X18 version V9.1.0cu.2024 B20220329
Description: The issue is related to insufficient argument validation in the UploadFirmwareFile function of the TOTOLINK X18 router's firmware, allowing a remote attacker to execute arbitrary...
CVE-2023-29800
TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...
CVE-2023-27179
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /admin/imgdownload.php...
CVE-2023-27179
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /admin/imgdownload.php...
Arbitrary file deletion
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /admin/imgdownload.php...
CVE-2023-27179
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /admin/imgdownload.php...
GDidees CMS code issue vulnerability
GDidees CMS is a website builder from GDidees. A security vulnerability exists in GDidees CMS v3.9.1 and earlier versions: an arbitrary file download vulnerability via the filename parameter of /admin/imgdownload.php...
CVE-2023-27179
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /admin/imgdownload.php...
PT-2023-20991 · Unknown · Gdidees Cms
Name of the Vulnerable Software and Affected Versions: GDidees CMS versions 3.9.1 and lower
Description: The issue is related to an arbitrary file download via the filename parameter at the "/admin/imgdownload.php" API endpoint. This allows unauthorized access to files on the system...
CVE-2022-28497
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the mtdwritebootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-28497
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the mtdwritebootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-28494
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
TOTOLINK CP900 command injection vulnerability
The TOTOLINK CP900 is a wireless router from China-based TOTOLINK. A security vulnerability exists in the TOTOLINK CP900 due to a command injection issue in the filename parameter of the mtdwritebootloader function...
TOTOLINK CP900 operating system command injection vulnerability
The TOTOLINK CP900 is a wireless router from China-based TOTOLINK. The TOTOLINK CP900 suffers from an operating system command injection vulnerability that stems from a command injection issue in the filename parameter of the setUpgradeFW function...
PT-2023-12946 · Totolink · Totolink Outdoor Cpe Cp900
Name of the Vulnerable Software and Affected Versions: TOTOLink outdoor CPE CP900 version 6.3c.566 B20171026
Description: A command injection issue exists in the setUpgradeFW function via the filename parameter, allowing attackers to execute arbitrary commands through a crafted request...
CVE-2022-28494
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2023-1479
A vulnerability classified as critical has been found in SourceCodester Simple Music Player 1.0. Affected is an unknown function of the file savemusic.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...