708 matches found
Design/Logic Flaw
In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed...
GHSA-G2X4-256V-5PVX Codiad Cross-site Scripting Vulnerability
A Cross Site Scripting XSS vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by co...
CSZCMS Code Issue Vulnerability
CSZCMS is an open source web application that allows managing all content and settings on a website. A security vulnerability exists in CSZCMS version 1.3.0 that originates from the leakage of sensitive data via local files in /admin/filemanager/connector/...
Elefant CMS Code Execution Vulnerability
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters for bypassing the...
GHSA-77J2-7WHR-6VPX Elefant CMS Code Execution Vulnerability
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters for bypassing the...
CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution Vulnerabilities
Title: CSZCMS V1.3.0 - SSRF To LFI To Rce Author: Hejap Zairy Vendor: https://sourceforge.net/projects/cszcms/files/install/ Software: https://liquidtelecom.dl.sourceforge.net/project/cszcms/install/CSZCMS-V1.3.0.zip Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache 1 -...
CVE-2022-22914
An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to view and download content in the upload directory via path traversal...
Path traversal
An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to view and download content in the upload directory via path traversal...
CVE-2022-22914
CVE-2022-22914 affects Ovidentia CMS 6.0 FileManager. The issue is an incorrect access control that permits an authenticated attacker to view and download files in the upload directory via path traversal. Underlying cause: insufficient restriction on file paths in FileManager. Impact: exposure of...
Ovidentia Path Traversal Vulnerability
Ovidentia is an open source content management system and collaboration platform based on PHP and MySQL from the French team CANTICO, which can be used for publishing and managing projects, publication and article management, schedule sharing, and more. A path traversal vulnerability exis...
GHSA-F8X6-M9F5-FFP8 Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
This affects the package unisharp/laravel-filemanager prior to version 2.6.2. The upload function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload...
CVE-2021-23814
This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: 1. Install a package with a web Laravel application. 2. Navigate to the Upload...
CVE-2021-23814
CVE-2021-23814 affects unisharp/laravel-filemanager before 2.6.2. The upload() function does not adequately validate the uploaded file’s type, enabling an attacker to replace a benign image with a malicious file (e.g., webshell) and potentially achieve Remote Code Execution by submitting and modi...
PT-2021-15554 · Unknown · Unisharp/Laravel-Filemanager
Name of the Vulnerable Software and Affected Versions: unisharp/laravel-filemanager versions prior to 2.6.2 Description: The issue arises from insufficient validation of file types during the upload process, specifically in the upload function. This allows an attacker to potentially upload...
laravel-filemanager Code Issue Vulnerability
laravel-filemanager is an open source tool from UniSharp. A code issue vulnerability exists in laravel-filemanager that stems from the upload function not adequately validating the file type during upload. An attacker can replicate the following steps to exploit the vulnerability: Install a packag...
Jfinal cms improper access control vulnerability
Jfinal CMS is a powerful information consulting website developed in Java that uses JFinal as the web framework, Beetl for the template engine, MySQL for the database, and the Bootstrap framework for the front end. Improper access control vulnerabilities exist in Jfinal CMS 4.7.1 and earlier versions...
Jfinal cms improper access control vulnerability
Jfinal CMS is a powerful information consulting website developed in Java that uses JFinal as the web framework, Beetl for the template engine, MySQL for the database, and the Bootstrap framework for the front end. An improper access control vulnerability exists in Jfinal CMS 4.7.1 and earlier...
CVE-2020-19155
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename' function in the component 'modules/filemanager/FileManagerController.java'...
CVE-2020-19154
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile' function in the component 'modules/filemanager/FileManagerController.java'...