280 matches found
CVE-2025-45145
Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...
CVE-2025-45145
Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...
Follett Destiny Library Manager 安全漏洞
Follett Destiny Library Manager is a school library resource and collection management system developed by the Follett company in the United States. The version 2202rc1 of Follett Destiny Library Manager contains security vulnerabilities. These vulnerabilities are due to directory traversal...
EUVD-2025-209923
Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...
CVE-2025-45145
Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...
CVE-2025-45145
CVE-2025-45145 describes a directory traversal in Follett Software’s Destiny Library Manager, affecting version 22_0_2_rc1 and fixed in v22.5 AU1. The underlying issue is a file path handling weakness that allows an unauthenticated attacker to read arbitrary files on the system and application vi...
CVE-2025-45145
Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...
PT-2026-42770
Directory traversal in Follett Software's Destiny Library Manager 22 0 2 rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...
Missing Authorization
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization via image404Raw.php. An attacker can access arbitrary image files, including those protected by access controls, by supplying crafted path...
AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php`
Summary The endpoint requires no authentication. An unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded thumbnails,...
PT-2026-41994
Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description An unauthenticated remote attacker can read arbitrary image files from the disk that the PHP user has permission to open. This includes private user-profile photos protected by Access Control Lists...
CVE-2022-50944
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...
CVE-2022-50944
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...
CVE-2022-50944
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...
Aero CMS 代码注入漏洞
Aero CMS is a content management system developed by the American company Aero CMS. Version 0.0.1 of Aero CMS has a code injection vulnerability. This vulnerability stems from PHP code injection in the image parameter, which may allow authenticated attackers to execute arbitrary PHP code by...
PT-2026-39473
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=add post parameter,...
PT-2026-35447
A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...
CVE-2026-4131
The CVE-2026-4131 entry concerns the WP Responsive Popup + Optin WordPress plugin (versions up to 1.4). Root cause: the admin settings form (wpo_admin_page.php) does not generate or verify a nonce (wp_nonce_field/wp_verify_nonce/check_admin_referer), enabling CSRF that can update plugin settings,...
EUVD-2026-23426
A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in unrestricted upload. The...
CVE-2026-6489
A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in unrestricted upload. The...