941 matches found
Simple Music Player Code Issue Vulnerability
Simple Music Player is a simple music player by the individual developer Carlo Montero. A code issue vulnerability exists in SourceCodester Simple Music Player version 1.0, which stems from a problem with the file savemusic.php, where manipulation of the parameter filename can lead to unrestricte...
PT-2023-17016 · Sourcecodester · Sourcecodester Simple Music Player
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Music Player version 1.0 Description: A critical issue has been found in the software, affecting an unknown function of the file save music.php. The manipulation of the filename argument leads to unrestricted upload. Thi...
CVE-2023-1433
A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/products/controller.php?action=add of the component Products Handler. The manipulation of the argument filename leads to...
PT-2023-16980 · Sourcecodester · Sourcecodester Gadget Works Online Ordering System
Name of the Vulnerable Software and Affected Versions: SourceCodester Gadget Works Online Ordering System version 1.0 Description: A problematic issue has been found in the Products Handler component, specifically affecting an unknown part of the file admin/products/controller.php?action=add. The...
CVE-2023-26256
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system...
PT-2023-20565 · Unknown · Stagil Navigation For Jira - Menu & Themes
Name of the Vulnerable Software and Affected Versions: STAGIL Navigation for Jira - Menu & Themes plugin versions prior to 2.0.52 for Jira Description: An unauthenticated path traversal issue affects the plugin. By modifying the fileName parameter to the "snjCustomDesignConfig" endpoint, it is...
CVE-2021-33949
An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function...
FeMiner wms Security Vulnerability
FeMiner wms is a repository management system by the Chinese individual developer FeMiner ("front-end miner"). A security vulnerability exists in FeMiner wms v1.1 that allows an attacker to execute arbitrary code via the filename parameter and exec function...
SUSE CVE-2009-3999
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter...
CVE-2023-24148
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function...
TOTOLINK CA300-PoE Command Injection Vulnerability
The TOTOLINK CA300-PoE is a wireless access point from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK CA300-PoE version V6.2c.884, which is caused by a command injection issue in the FileName parameter of the setUploadUserData method...
CVE-2023-24148
The CVE-2023-24148 entry applies to TOTOLINK CA300-PoE, firmware version V6.2c.884, which contains a command-injection vulnerability in the FileName parameter of the setUploadUserData function. The issue is documented across multiple sources (NVD/Red Hat/CNNVD and others) with a CVSS v3.1 base sc...
CVE-2022-45542
EyouCMS = 1.6.0 was discovered to contain a reflected XSS in the FileManager component via the GET parameter "filename" when editing any file...
CVE-2022-48124
TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function...
Command injection
TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function...