715 matches found

CNNVD · added 2023/02/24 12:00 a.m.

MuYuCMS path traversal vulnerability

MuYuCMS is a lightweight open source content management system. MuYuCMS 2.2 contains a path traversal vulnerability caused by improper handling of the filepath parameter, which allows an attacker to traverse outside the intended directory...

CVSS 6.5 · AI score 5.3 · EPSS 0.01011 · Exploits: 1 · References: 4
SUSE CVE · added 2023/02/15 6:15 a.m.

SUSE CVE-2006-2871

PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter. NOTE: CVE disputes this issue, since $scriptpath is set to a constant value...

CVSS 7.5 · AI score 7.8 · EPSS 0.03352 · Exploits: 1 · References: 3
SUSE CVE · added 2023/02/15

SUSE CVE-2016-5253

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link...

CVSS 4.7 · AI score 6.6 · EPSS 0.00245 · Exploits: 0 · References: 4
NVD · added 2023/02/10 12:15 a.m.

CVE-2022-3568

The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into...

CVSS 8.8 · AI score 8.7 · EPSS 0.00626 · Exploits: 0 · References: 5
BDU FSTEC · added 2023/02/08 12:00 a.m.

A vulnerability in the PostgreSQL database management system, related to an uncontrolled search path element, allows an attacker to escalate privileges and execute arbitrary commands.

The vulnerability in the PostgreSQL database management system is caused by an uncontrolled search path element in the handling of the searchpath parameter. Exploiting this vulnerability allows an attacker to escalate privileges and execute arbitrary commands...

CVSS 7.5 · AI score 7.5 · EPSS 0.02235 · Exploits: 0 · References: 14 · Affected software: 6
Positive Technologies · added 2022/12/15 12:00 a.m.

PT-2022-27435 · Wso2 · Wso2 Carbon-Registry

Name of the Vulnerable Software and Affected Versions: WSO2 carbon-registry versions up to 4.8.6
Description: A vulnerability has been found in WSO2 carbon-registry, affecting an unknown part of the component Request Parameter Handler. The manipulation of the argument...

CVSS 6.1 · AI score 4.3 · EPSS 0.00568 · Exploits: 0 · References: 11
OSV · added 2022/10/11 9:15 p.m.

CVE-2022-39802

SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can b...

CVSS 7.5 · AI score 5.9 · EPSS 0.0643 · Exploits: 0 · References: 3
ATTACKERKB · added 2022/10/11 9:15 p.m.

CVE-2022-39802

SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can b...

CVSS 7.5 · AI score 6 · EPSS 0.0643 · Exploits: 0 · References: 4 · Affected software: 1
OSV · added 2022/09/15 8:15 p.m.

CVE-2022-38325

Tenda AC15 WiFi Router V15.03.05.19multi and AC18 WiFi Router V15.03.05.19multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile...

CVSS 9.8 · AI score 6.2 · EPSS 0.00928 · Exploits: 1 · References: 1
NVD · added 2022/09/09 5:15 p.m.

CVE-2022-38614

An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter...

CVSS 7.5 · EPSS 0.01017 · Exploits: 1 · References: 3
Prion · added 2022/09/09 5:15 p.m.

Design/Logic Flaw

An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter...

CVSS 5 · AI score 7.6 · EPSS 0.01017 · Exploits: 1 · References: 3 · Affected software: 1
Positive Technologies · added 2022/09/09 12:00 a.m.

PT-2022-24481 · Unknown · Smartvista Cardgen

Name of the Vulnerable Software and Affected Versions: SmartVista Cardgen version 3.28.0
Description: The issue affects the IGB Files and OutfileService features, allowing attackers to list and download arbitrary files by modifying the PATH parameter.
Recommendations: For SmartVista Cardgen versi...

CVSS 7.5 · AI score 7.6 · EPSS 0.01017 · Exploits: 1 · References: 5
ATTACKERKB · added 2022/09/06 6:15 p.m.

CVE-2022-2442

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper...

CVSS 7.2 · AI score 6 · EPSS 0.01329 · Exploits: 0 · References: 6
Positive Technologies · added 2022/09/06 12:00 a.m.

PT-2022-16685 · WordPress · Wpvivid

Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including 0.9.74
Description: The issue allows deserialization of untrusted input via the path parameter. This enables authenticated attackers with administrative...

CVSS 7.2 · AI score 7 · EPSS 0.01329 · Exploits: 0 · References: 9
Veracode · added 2022/08/15 10:21 a.m.

Server-Side Request Forgery (SSRF)

undici is vulnerable to Server-Side Request Forgery (SSRF). The library assumes that the hostname won't change, when in actuality it can change because the specified path parameter is combined with the base URL, allowing remote attackers to cause SSRF attacks via sending a crafted request through t...

CVSS 9.8 · AI score 6.8 · EPSS 0.01388 · Exploits: 1 · References: 3 · Affected software: 1
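The undici entry above is a URL-composition bug rather than a filesystem one: a caller-supplied path is joined to a fixed base URL, and a path that starts with "//" or a scheme is, under RFC 3986 resolution, a new host. The following is an added example, not undici's code (undici is a Node library; this uses Python's urllib.parse.urljoin, which applies the same resolution rules). The base URL, host names and sample paths are constructed for the example, and the pinned version shows the check a wrapper library should make before sending the request.

```python
from urllib.parse import urljoin, urlsplit

# Hypothetical upstream API base; not taken from the advisory.
API_BASE = "https://api.example.com/v1/"


def naive_request_url(path):
    """Combine the caller's path with the base the way a thin HTTP wrapper
    often does, trusting that the host cannot change."""
    return urljoin(API_BASE, path)


def pinned_request_url(path):
    """Build the URL, then verify it still targets the intended origin and
    stays under the base path; raise ValueError otherwise."""
    base = urlsplit(API_BASE)
    url = urljoin(API_BASE, path)
    parts = urlsplit(url)
    # A network-path reference ("//host/...") or a full URL replaces the
    # origin; an absolute or ".." path can leave the API prefix.
    if (parts.scheme, parts.netloc) != (base.scheme, base.netloc):
        raise ValueError(f"origin changed by path {path!r}: {parts.netloc}")
    if not parts.path.startswith(base.path):
        raise ValueError(f"path escaped API prefix: {parts.path}")
    return url


def evaluate(paths):
    """Return {path: (host the naive join would contact,
                      URL the pinned builder allows, or None)}."""
    out = {}
    for p in paths:
        naive_host = urlsplit(naive_request_url(p)).netloc
        try:
            pinned = pinned_request_url(p)
        except ValueError:
            pinned = None
        out[p] = (naive_host, pinned)
    return out


# Constructed inputs for the demonstration.
SAMPLE_PATHS = [
    "users/42",                   # ordinary relative path
    "/v1/users/42",               # absolute path, same host and prefix
    "//169.254.169.254/latest/",  # network-path reference: new host
    "https://evil.example/x",     # full URL: new host
    "../admin/keys",              # same host, escapes the /v1/ prefix
]

if __name__ == "__main__":
    for path, (host, allowed) in evaluate(SAMPLE_PATHS).items():
        print(f"{path!r:32} naive host={host:18} pinned={allowed}")
```

The origin comparison alone is enough to stop the host change the advisory describes; the prefix check is an extra guard against "../" walking to other endpoints on the same host, which origin pinning does not cover.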
Zero Day Initiative · added 2022/08/03 12:00 a.m.

ICONICS GENESIS64 colorpalletes Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the colorpalletes endpoint. When parsing the path parameter, the process does...

CVSS 7.5 · AI score 2 · EPSS 0.01256 · Exploits: 0 · References: 1
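The MuYuCMS filepath, SAP Manufacturing Execution, SmartVista Cardgen PATH and ICONICS GENESIS64 path entries in this listing are the same defect: a user-controlled path parameter is joined to a base directory and the result is opened without confining it to that directory. The following is an added example, not code from any of those products or advisories. It contrasts the lexical prefix check that such endpoints often rely on with a check made on the filesystem-resolved path, on a throwaway directory tree the example builds itself (POSIX, since it uses a symlink). All directory and file names are constructed for the demonstration.

```python
import os
import shutil
import tempfile


def lexical_join(base, user_path):
    """Naive check: normalise the string and compare prefixes.

    This catches plain '../' sequences but never touches the filesystem,
    so a symlink inside the served tree that points above it passes.
    """
    base = os.path.normpath(base)
    candidate = os.path.normpath(os.path.join(base, user_path))
    if candidate != base and not candidate.startswith(base + os.sep):
        raise PermissionError(f"traversal rejected: {user_path!r}")
    return candidate


def safe_join(base, user_path):
    """Resolve the candidate on the filesystem and confine it to base.

    realpath() collapses '..' and follows symlinks, so the containment
    check is made on the path that open() would actually use.
    """
    base_real = os.path.realpath(base)
    if os.path.isabs(user_path):
        # os.path.join() discards base when the right-hand side is absolute.
        raise PermissionError(f"absolute path rejected: {user_path!r}")
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if candidate != base_real and not candidate.startswith(base_real + os.sep):
        raise PermissionError(f"traversal rejected: {user_path!r}")
    return candidate


def _accepts(check, base, user_path):
    try:
        check(base, user_path)
        return True
    except PermissionError:
        return False


def demo():
    """Build a constructed tree and run both checks over sample requests.

    Returns {request_path: (lexical_accepts, safe_accepts)}.
    """
    root = tempfile.mkdtemp(prefix="pathdemo-")
    try:
        base = os.path.join(root, "files")          # the served directory
        os.makedirs(os.path.join(base, "reports"))
        with open(os.path.join(base, "reports", "2023.csv"), "w") as f:
            f.write("constructed sample\n")
        with open(os.path.join(root, "secret.txt"), "w") as f:
            f.write("outside the served tree\n")
        # A symlink inside the served tree pointing above it (e.g. an
        # admin's convenience link); lexical checks cannot see it.
        os.symlink(root, os.path.join(base, "link"))

        requests = [
            "reports/2023.csv",             # legitimate request
            "reports/../reports/2023.csv",  # '..' that stays inside base
            "../secret.txt",                # classic traversal
            "/etc/passwd",                  # absolute path
            "link/secret.txt",              # traversal through the symlink
        ]
        return {
            p: (_accepts(lexical_join, base, p), _accepts(safe_join, base, p))
            for p in requests
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for path, (lexical_ok, safe_ok) in demo().items():
        print(f"{path!r:32} lexical={lexical_ok!s:5} resolved={safe_ok}")
```

Both checks reject the plain "../" and absolute inputs; only the resolved check rejects the symlinked route, which is why the containment test must be done on the realpath and, ideally, repeated at open time (or the file opened relative to a directory descriptor) so the decision cannot be raced.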
0day.today · added 2022/08/01 12:00 a.m.

WordPress Duplicator 1.4.6 Plugin - Unauthenticated Backup Download Vulnerability

Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
Exploit Author: SecuriTrust
Vendor Homepage: https://snapcreek.com/
Software Link: https://wordpress.org/plugins/duplicator/
Version: 1.4.7
Tested on: Linux, Windows
CVE: CVE-2022-2551
Reference:...

CVSS 7.5 · AI score 0.5 · EPSS 0.11804 · Exploits: 5
ATTACKERKB · added 2022/07/05 8:15 p.m.

CVE-2022-34972

So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the attvalueid, manuvalueid, optvalueid, and subcatevalueid parameters at /index.php?route=extension/module/sofiltershopby/filterdata...

CVSS 9.8 · AI score 6 · EPSS 0.0131 · Exploits: 1 · References: 2
OSV · added 2022/07/01 6:15 p.m.

CVE-2021-37524

Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php...

CVSS 6.1 · AI score 5.8 · Exploits: 0 · References: 2
Prion · added 2022/07/01 6:15 p.m.

Cross site scripting

Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php...

CVSS 4.3 · AI score 6 · EPSS 0.00652 · Exploits: 0 · References: 2 · Affected software: 1