
8794 matches found

Cvelist
added 2024/10/31 12:0 a.m. · 24 views

CVE-2023-52045

Studio-42 elFinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability...

EPSS 0.00265
Exploits: 1 · References: 1
Vulnrichment
added 2024/10/31 12:0 a.m. · 15 views

CVE-2023-52045

Studio-42 elFinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability...

AI score 6 · EPSS 0.00265
Exploits: 1 · References: 1
CNNVD
added 2024/10/31 12:0 a.m. · 4 views

elFinder security vulnerability

elFinder is an open source web file manager from Studio 42 Open Source. A security vulnerability exists in elFinder version 2.1.62, which stems from the inclusion of a filename restriction bypass vulnerability that can lead to a persistent cross-site scripting vulnerability...

CVSS 6.1 · AI score 6 · EPSS 0.00265
Exploits: 1 · References: 1
CVE
added 2024/10/31 12:0 a.m. · 55 views

CVE-2023-52045

CVE-2023-52045 affects Studio-42 elFinder 2.1.62, where a filename restriction bypass leads to a persistent XSS vulnerability. Impact: stored XSS via crafted filenames; context is in elFinder file handling. Remediation: upgrade to elFinder 2.1.63 or higher (as reported by Snyk/Veracode/Red Hat re...

CVSS 6.1 · AI score 6.2 · EPSS 0.00265
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2024/10/30 12:0 a.m. · 0 views

UBUNTU-CVE-2024-46953

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string for the output filename results in path truncation, and possible path traversal and code execution...

CVSS 7.8 · AI score 7.3 · EPSS 0.00387
Exploits: 0 · References: 4
OSV
added 2024/10/28 8:15 p.m. · 2 views

CVE-2024-50457

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons: from n/a through 1.6.3...

CVSS 8.8 · AI score 5.8 · EPSS 0.00543
Exploits: 0 · References: 1
CVE
added 2024/10/28 7:53 p.m. · 48 views

CVE-2024-50436

CVE-2024-50436 is a Local File Inclusion vulnerability in the WordPress Theme Clean Retina (Theme Horse)

CVSS 8.8 · AI score 5.9 · EPSS 0.00456
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/10/28 12:0 a.m. · 3 views

PT-2024-34275 · Unknown · Buynowdepot Advanced Online Ordering/Delivery Platform

Name of the Vulnerable Software and Affected Versions: BuyNowDepot Advanced Online Ordering and Delivery Platform versions n/a through 2.0.0
Description: The issue affects the BuyNowDepot Advanced Online Ordering and Delivery Platform, allowing for PHP Local File Inclusion due to an improper...

CVSS 9.8 · AI score 7.2 · EPSS 0.0051
Exploits: 0 · References: 5
F5 Networks
added 2024/10/24 10:5 p.m. · 34 views

K000148248: less vulnerability CVE-2024-32487

Security Advisory Description: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive...

CVSS 8.6 · AI score 7.3 · EPSS 0.00628
Exploits: 0
OSV
added 2024/10/24 8:15 p.m. · 4 views

CVE-2024-45259

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted...

CVSS 6.5 · AI score 5.8 · EPSS 0.00221
Exploits: 1 · References: 1
Vulnrichment
added 2024/10/24 12:0 a.m. · 12 views

CVE-2024-45259

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted...

AI score 6.9 · EPSS 0.00221
Exploits: 1 · References: 1
SUSE CVE
added 2024/10/23 1:24 p.m. · 1 views

SUSE CVE-2024-46953

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string for the output filename results in path truncation, and possible path traversal and code execution...

CVSS 7.8 · AI score 7.9 · EPSS 0.00387
Exploits: 0 · References: 8
Positive Technologies
added 2024/10/23 12:0 a.m. · 3 views

PT-2024-33653

Name of the Vulnerable Software and Affected Versions: Theme Horse Mags versions 1.1.6 and earlier
Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This is a type of vulnerability where an...

CVSS 8.8 · AI score 6.7 · EPSS 0.00456
Exploits: 0 · References: 4
CNNVD
added 2024/10/23 12:0 a.m. · 1 views

WordPress plugin Mags security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5 · AI score 6.8 · EPSS 0.00456
Exploits: 0 · References: 1
CNNVD
added 2024/10/23 12:0 a.m. · 1 views

WordPress plugin Qi Blocks security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5 · AI score 6.6 · EPSS 0.00543
Exploits: 0 · References: 1
Vulnrichment
added 2024/10/21 6:1 p.m. · 22 views

CVE-2024-49934 fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name

In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: ------------ cut here...

AI score 6.5 · EPSS 0.00388
Exploits: 0 · References: 5
Positive Technologies
added 2024/10/17 12:0 a.m. · 2 views

PT-2024-33457 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: ZIPANG Point Maker versions through 0.1.4
Description: The issue affects ZIPANG Point Maker due to improper control of filename for include/require statement in PHP program, allowing PHP Local File Inclusion. This is related to 'PHP Remote Fi...

CVSS 7.5 · AI score 7.3 · EPSS 0.00544
Exploits: 0 · References: 5
CVE
added 2024/10/16 1:31 p.m. · 49 views

CVE-2024-48029

CVE-2024-48029 affects the WordPress SB Random Posts Widget. The vulnerability is an improper control of the filename for include/require statements in PHP (PHP Remote File Inclusion) that enables Local File Inclusion via the SB Random Posts Widget

CVSS 7.5 · AI score 5.9 · EPSS 0.00544
Exploits: 0 · References: 1
CVE
added 2024/10/16 1:27 p.m. · 59 views

CVE-2024-49251

CVE-2024-49251 corresponds to a Local File Inclusion in the WordPress plugin Maan Addons For Elementor (

CVSS 7.5 · AI score 5.9 · EPSS 0.00555
Exploits: 0 · References: 1
SUSE CVE
added 2024/10/16 2:50 a.m. · 2 views

SUSE CVE-2024-47874

Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form...

CVSS 7.5 · AI score 9.3 · EPSS 0.00652
Exploits: 0 · References: 5