PT-2023-31617 · Hono · Hono
Name of the Vulnerable Software and Affected Versions: Hono versions prior to 3.11.7
Description: The issue allows clients to override named path parameter values from previous requests when the application is using TrieRouter. This poses a risk that a privileged user may use unintended parameter...
Hono Code Injection Vulnerability
Hono is a web framework written in TypeScript from the Hono community. A code injection vulnerability exists in versions prior to Hono 3.11.7 that stems from the risk that if an application uses TrieRouter, a client may overwrite the value of the named path parameter in a previous request, leadin...
CVE-2023-48928
Franklin Fueling Systems System Sentinel AnyWare SSA version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...
CVE-2023-5974
The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the path parameter...
CVE-2023-4922
The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the path parameter...
Server side request forgery (ssrf)
The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the path parameter...
PT-2023-31118 · WordPress · Wpb Show Core
Name of the Vulnerable Software and Affected Versions: WPB Show Core WordPress plugin versions through 2.2
Description: The issue concerns a local file inclusion vulnerability via the path parameter. This allows for potential unauthorized access to sensitive files on the system.
Recommendations:...
WordPress plugin WPB Show Core security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-32453 · WordPress · Wpb Show Core
Name of the Vulnerable Software and Affected Versions: WPB Show Core WordPress plugin versions through 2.2
Description: The issue concerns server-side request forgery (SSRF) via the path parameter. This allows for potentially malicious requests to be made to the server.
Recommendations: For WPB Sho...
ModelDB Security Vulnerabilities
ModelDB is an open source system for machine learning model version control, metadata, and experiment management from VertaAI. ModelDB has a security vulnerability that stems from a remote file inclusion LFI vulnerability in the artifactpath URL parameter. An attacker can exploit this vulnerabili...
CVE-2023-45878
GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...
WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion
Description: This plugin is vulnerable to a local file inclusion via the path parameter.
PoC: Send a GET request to wpb-show-core/download-file.php with the path parameter set to an arbitrary file path on the server,
- "/etc/resolv.conf"
- "/etc/hosts"
- "../../../wp-config.php"...
CVE-2022-2441
The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site...
CVE-2023-5120
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
CVE-2020-21583
A vulnerability was found in hwclock in util-linux, which allowed non-root users to access the hardware clock. This flaw allows an attacker to execute arbitrary code via the path parameter when setting the date...
Yonyou UFIDA-NC Path Traversal Vulnerability
Yonyou UFIDA-NC is a large-scale ERP enterprise management system and e-commerce platform from China's UFIDA Network Technology Yonyou Company. A path traversal vulnerability exists in Yonyou UFIDA-NC 20230807 and earlier versions, which stems from the parameter filePath in the file...
SUSE CVE-2020-21583
An issue was discovered in hwclock.13-v2.27 that allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date...
DEBIAN-CVE-2020-21583
An issue was discovered in hwclock.13-v2.27 that allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date...