239 matches found
CVE-2015-10105
A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function validjsidentifier of the file ipblacklistcloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It i...
CVE-2025-4511
A vulnerability was found in vector4wang spring-boot-quick up to 20250422. It has been rated as critical. This issue affects the function ResponseEntity of the file /spring-boot-quick-master/quick-img2txt/src/main/java/com/quick/controller/Img2TxtController.java of the component quick-img2txt. Th...
CVE-2025-4530 feng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversal
A vulnerability was found in fenghaha/megagao ssm-erp and productionssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack c...
CVE-2025-4329
A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been...
PT-2025-19925 · 74Cms · 74Cms
Name of the Vulnerable Software and Affected Versions: 74CMS versions up to 3.33.0 Description: A vulnerability was found in the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The explo...
CVE-2025-3562
A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit...
CVE-2025-3381
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. Th...
CVE-2025-2744
CVE-2025-2744 affects zhijiantianya ruoyi-vue-pro 2.4.1, specifically the Material Upload Interface’s /admin-api/mp/material/upload-news-image endpoint. The vulnerability arises from manipulation of the File argument, enabling path traversal and remote exploitation. Multiple connected sources sta...
CVE-2025-2716
CVE-2025-2716 affects China Mobile P22g-CIac 1.0.00.488. According to multiple sources, the vulnerability originates from an issue in the Samba Path Handler component, enabling path traversal. The attack is described as remote and publicly disclosed, with the vendor reportedly unresponsive. The C...
CVE-2025-2193
CVE-2025-2193 concerns MRCMS 3.1.2. A path traversal vulnerability exists in the delete function of /admin/file/delete.do within the org.marker.mushroom.controller.FileController, enabling remote exploitation via manipulation of the path/name argument. Public exploit details are present in multip...
PT-2025-6879 · Cmseasy · Cmseasy
Name of the Vulnerable Software and Affected Versions: CmsEasy version 7.7.7.9 Description: A vulnerability has been found in the function deleteimg action in the library lib/admin/image admin.php. The manipulation of the argument imgname leads to path traversal. The attack can be launched...
CVE-2024-11210
A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has...
CVE-2024-9032
A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to path traversal. It is possible to launch the attack remotely. The exploit has...
CVE-2024-8165 Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal
A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/filemanager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit i...
CVE-2024-6949
GCVEs for CVE-2024-6949 describe a path-traversal vulnerability in Gargaj wuhu up to revision 3faad49bfcc3895e9ff76a591d05c8941273d120, affecting an unknown function exposed via /pages.php?edit=News. The issue is exploitable remotely and has had an exploit disclosed publicly. The documentation no...
CVE-2024-2863
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant...
CVE-2024-2863
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant...
CVE-2024-1433
A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginI...
CVE-2024-0416
The CVE-2024-0416 entry concerns DeShang DSMall (up to v5.0.3). The vulnerability lies in file application/home/controller/MemberAuth.php, where manipulating the file_name argument triggers a path traversal (../filedir). This is a remote issue and the exploit has public disclosure. Impact is tied...
CVE-2023-7041
CVE-2023-7041 details a path traversal vulnerability in codelyfe Stupid Simple CMS