Lucene search

941 matches found

OSV
added 2022/09/02 4:15 a.m.

CVE-2022-36593

kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java...

CVSS 6.5 · AI score 7.5
Exploits 0 · References 1
Prion
added 2022/09/02 4:15 a.m.

Arbitrary file deletion

kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java...

CVSS 6.4 · AI score 6.6 · EPSS 0.00737
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2022/09/02 3:19 a.m.

CVE-2022-36593

kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java...

AI score 6.8 · EPSS 0.00737
Exploits 1 · References 1
Positive Technologies
added 2022/09/02 12:00 a.m.

PT-2022-23493 · Unknown · Kkfileview

Name of the Vulnerable Software and Affected Versions: kkFileView version 4.0.0 Description: The issue allows for arbitrary file deletion via the fileName parameter at the /controller/FileController.java endpoint. Recommendations: For kkFileView version 4.0.0, consider restricting access to the...

CVSS 6.5 · AI score 6.3 · EPSS 0.00737
Exploits 1 · References 4
CNNVD
added 2022/09/02 12:00 a.m.

kkFileView path traversal vulnerability

Keking kkFileView is a Spring Boot project from Keking Technology for online previewing of files and documents. A path traversal vulnerability exists in kkFileView v4.0.0, which is caused by an arbitrary file deletion vulnerability found in the fileName parameter of...

CVSS 6.5 · AI score 6.6 · EPSS 0.00737
Exploits 1 · References 2
NVD
added 2022/08/25 2:15 p.m.

CVE-2022-37076

TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile...

CVSS 7.8 · EPSS 0.01133
Exploits 1 · References 1
OSV
added 2022/08/25 2:15 p.m.

CVE-2022-36486

TOTOLINK N350RT V9.3.5u.6139B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile...

CVSS 7.8 · AI score 5.8 · EPSS 0.01147
Exploits 1 · References 1
OSV
added 2022/08/25 2:15 p.m.

CVE-2022-36460

TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile...

CVSS 7.8 · AI score 5.8 · EPSS 0.01133
Exploits 1 · References 1
Prion
added 2022/08/25 2:15 p.m.

Command injection

TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile...

CVSS 4.3 · AI score 7.9 · EPSS 0.01133
Exploits 1 · References 1 · Affected Software 1
CVE
added 2022/08/25 2:00 p.m.

CVE-2022-37076

Totolink A7000R devices running V9.1.0u.6115_B20201022 are affected by a command-injection vulnerability in the UploadFirmwareFile function, exploitable via the FileName parameter. According to multiple sources (NVD, Red Hat advisory, CNNVD, PT-Research), the flaw is a local issue with high impac...

CVSS 7.8 · AI score 7.8 · EPSS 0.01133
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2022/08/25 2:00 p.m.

CVE-2022-37076

TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile...

AI score 8.1 · EPSS 0.01133
Exploits 1 · References 1
CNNVD
added 2022/08/25 12:00 a.m.

TOTOLINK N350RT operating system command injection vulnerability

The TOTOLINK N350RT is a small home router from China's Gion Electronics (TOTOLINK). An operating system command injection vulnerability exists in TOTOLINK N350RT version V9.3.5u.6139B20201216; it stems from a command injection issue in the FileName parameter of the UploadFirmwareFile meth...

CVSS 7.8 · AI score 5.6 · EPSS 0.01147
Exploits 1 · References 2
Positive Technologies
added 2022/08/25 12:00 a.m.

PT-2022-23383 · Totolink · Totolink A3700R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.6134 B20201202 Description: A command injection issue was found in the UploadFirmwareFile function via the FileName parameter. Recommendations: For version 9.1.2u.6134 B20201202, avoid using the FileName paramet...

CVSS 7.8 · AI score 7.9 · EPSS 0.01133
Exploits 1 · References 2
CNNVD
added 2022/08/12 12:00 a.m.

Zoo Management System code issue vulnerability

Zoo Management System is a zoo management system by Carlo Montero, an individual developer. It provides an online and automated platform for zoo organizations to manage their daily records. A code issue vulnerability exists in Zoo Management System. An attacker could exploit the vulnerability by...

CVSS 9.8 · AI score 8.4 · EPSS 0.00781
Exploits 1 · References 3
Huntr
added 2022/08/06 3:31 p.m.

Unauthenticated Path Traversal

Description: An unauthenticated user can read and download files of the application system by abusing the filename parameter of the /api/image/cover-upload endpoint, which is not properly sanitized. Proof of Concept: 1 - Send the following request, where the filename has the relative path of the targ...

AI score 1.7
Exploits 0
Snyk
added 2022/07/17 11:47 a.m.

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the filename parameter in the 'New Page' dialog on the Overview or Pages page. Details: Cross-site scripting, or XSS, is a code vulnerability that occurs when an attacker "injects" a malicious script into an...

CVSS 6.1 · AI score 5.3 · EPSS 0.00598
Exploits 0 · References 2
RubySec
added 2022/07/16 12:00 a.m.

XSS via `filename` parameter to New Page dialog

Cross-site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog...

CVSS 6.1 · AI score 2.8 · EPSS 0.00598
Exploits 0 · References 1 · Affected Software 1
NVD
added 2022/07/15 2:15 p.m.

CVE-2020-35305

Cross-site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog...

CVSS 6.1 · EPSS 0.00598
Exploits 0 · References 4
OSV
added 2022/05/24 5:37 p.m.

GHSA-7X8G-H246-GVX3 Dolibarr authenticated Remote Code Execution

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter to admin/tools/dolibarrexport.php...

CVSS 7.2 · AI score 6.9 · EPSS 0.06361
Exploits 1 · References 6
CVE
added 2022/05/17 7:22 p.m.

CVE-2022-24394

Summary of CVE-2022-24394 (Fidelis Network/Deception CommandPost): A command-injection vulnerability exists in Fidelis Network Deception CommandPost via the update_checkfile value of the filename parameter. The issue permits an authenticated attacker to craft an HTTP request that executes system...

CVSS 9 · AI score 9.1 · EPSS 0.02393
Exploits 0 · References 1 · Affected Software 2