H3C SecCenter SMP-E1114P02 路径遍历漏洞

H3C SecCenter SMP-E1114P02 is a security management platform from China's Xinhua San H3C. A path traversal vulnerability exists in H3C SecCenter SMP-E1114P02 20250513 and earlier versions, which stems from path traversal due to incorrect operation of the parameter filename in the file...

H3C SecCenter SMP-E1114P02 路径遍历漏洞

H3C SecCenter SMP-E1114P02 is a security management platform from China's Xinhua San H3C. A path traversal vulnerability exists in H3C SecCenter SMP-E1114P02 20250513 and earlier versions, which stems from path traversal due to incorrect operation of the parameter filename in the file...

PT-2025-22870 · H3C · H3C Seccenter Smp-E1114P02

Name of the Vulnerable Software and Affected Versions: H3C SecCenter SMP-E1114P02 up to 20250513 Description: A vulnerability was found in the function downloadSoftware of the file /cfgFile/downloadSoftware. The manipulation of the argument filename leads to path traversal. The attack can be...

CVE-2025-47438

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through 2.3.1...

CVE-2025-47453

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Xylus Themes WP Smart Import wp-smart-import allows PHP Local File Inclusion.This issue affects WP Smart Import: from n/a through = 1.1.3...

CVE-2025-46454

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in svil4ok Meta Keywords & Description wp-meta-keywords-meta-description allows PHP Local File Inclusion.This issue affects Meta Keywords & Description: from n/a through = 0.8...

CVE-2025-39494

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Wilmër allows PHP Local File Inclusion. This issue affects Wilmër: from n/a through n/a...

CVE-2025-32286

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Butcher butcher allows PHP Local File Inclusion.This issue affects Butcher: from n/a through = 2.40...

CVE-2025-31064

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Vizeon - Business Consulting vizeon allows PHP Local File Inclusion.This issue affects Vizeon - Business Consulting: from n/a through 1.2.1...

CVE-2025-5106 Fujian Kelixun Filename fax_view.php os command injection

A vulnerability was found in Fujian Kelixun 1.0. It has been classified as critical. This affects an unknown part of the file /app/fax/faxview.php of the component Filename Handler. The manipulation of the argument faxfile leads to os command injection. It is possible to initiate the attack...

CVE-2025-5106 Fujian Kelixun Filename fax_view.php os command injection

A vulnerability was found in Fujian Kelixun 1.0. It has been classified as critical. This affects an unknown part of the file /app/fax/faxview.php of the component Filename Handler. The manipulation of the argument faxfile leads to os command injection. It is possible to initiate the attack...

CVE-2025-5106

The CVE-2025-5106 entry concerns Fujian Kelixun 1.0, specifically the Filename Handler component. Affected file: /app/fax/fax_view.php; the fax_file argument can be manipulated to trigger an OS command injection. Attack is described as remote, with public exploit disclosure and vendor non-respons...

CVE-2024-52787

An issue in the uploaddocuments method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file...

CVE-2024-47531

Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data and users unknowingly downloading it and...

CVE-2024-7356

The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-30849

Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/productsphoto.php...

CVE-2024-25832

F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension...

CVE-2024-23826

spbusesite is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is...

CVE-2024-24025

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

CVE-2024-37673

Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter...