671 matches found
CVE-2022-45052
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server...
Axiell Iguana CMS security vulnerability
Axiell Iguana CMS is a web content platform from Axiell for personalising communication with customers. Axiell Iguana CMS has a security vulnerability that stems from insufficient validation of the url parameter on imageProxy.type.php. An attacker exploiting the vulnerability is able to...
CVE-2022-4298
The Wholesale Market WordPress plugin before 2.2.1 lacks an authorisation check and does not validate the user input used to build a filesystem path, allowing unauthenticated attackers to download arbitrary files from the server...
Apache Atlas path traversal vulnerability
Apache Atlas is a scalable and extensible set of core governance services from the Apache Software Foundation. Apache Atlas versions 0.8.4 through 2.2.0 have a path traversal vulnerability that stems from improper input validation in the import module, which could be exploited by an authenticate...
SAP Business Objects code issue vulnerability
SAP Business Objects is a business intelligence suite from SAP, Germany. A security vulnerability exists in SAP Business Objects Platform versions 420 and 430 which allows an attacker with normal BI user privileges to upload or replace any file on the Business Object...
VulnCheck KEV: CVE-2018-12613
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An...
CVE-2022-42745
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE...
CVE-2021-37823
OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background...
OpenCart SQL injection vulnerability
OpenCart is an open source e-commerce system from the OpenCart team in Hong Kong, China. The system provides product reviews, product ratings, product additions and other modules. OpenCart version 3.0.3.7 contains a SQL injection vulnerability that an attacker can exploit...
PT-2022-10672 · Opencart · Opencart
Name of the Vulnerable Software and Affected Versions: OpenCart version 3.0.3.7 Description: The issue allows users to obtain database information or read server files through SQL injection in the background. This can potentially lead to unauthorized access to sensitive data. Recommendations: For...
CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename files uploaded by other users. Furthermore, due to the lack of validation of the destination filename, this could allow them to change the content of arbitrary files on the web server...
Exploit for Argument Injection in Atlassian Bitbucket
CVE-2022-36804-PoC Multithreaded exploit script for CVE-2022-3...
WordPress plugin Migration, Backup, Staging path traversal vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP and supporting personal blog sites on PHP and MySQL servers; WordPress plugins are application plugins for it. A path traversal vulnerability exists in th...
wikmd path traversal vulnerability
wikmd is a file-based wiki from the individual developer linbreux. A security vulnerability exists in versions of wikmd prior to 1.7.1, which stems from a path traversal weakness when accessing /list/ and can leak the list of files on the server...
Dell Wyse Management Suite path traversal vulnerability
Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, USA. The product includes features such as centralized management of Wyse endpoints, asset tracking and automated device discovery. A security vulnerability exists in Wyse Management Suite version...
GHSA-V4HR-4JPX-56GC Streamlit directory traversal vulnerability
Impact Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with...
GHSA-QP5M-C3M9-8Q2P JSPUI vulnerable to path traversal in submission (resumable) upload
Impact The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters durin...
PT-2022-22806 · Zoho · Manageengine Opmanager +1
Name of the Vulnerable Software and Affected Versions: ManageEngine Password Manager Pro versions 12100 and prior ManageEngine OPManager versions 126100 and prior Description: The issue allows for unauthorized file and directory creation on a server machine. Recommendations: For ManageEngine...
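Several of the entries above (the Frontend File Manager rename, the Streamlit custom-component URL, the DSpace resumable upload, the ManageEngine file creation) share one root cause: a user-controlled filename is joined to a server directory without canonicalisation. The block below is an added example, not code from any of the listed projects, showing the naive join beside a hardened resolver that decodes once, rejects NUL bytes and absolute paths, treats backslashes as separators, and canonicalises (following symlinks) before checking containment. The directory layout, symlink and sample inputs are constructed for the demonstration, and the symlink case assumes a POSIX host.

```python
"""Added example: safe resolution of a user-supplied filename under a fixed directory.
Not code from any project listed on this page; the directory layout and the
sample filenames below are constructed for the demonstration."""
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def naive_join(base_dir: str, user_path: str) -> str:
    """The pattern behind most of the listed advisories: concatenate and trust.
    os.path.join discards base_dir when user_path is absolute, and '..'
    components are kept verbatim."""
    return os.path.join(base_dir, user_path)


def resolve_under(base_dir: str, user_path: str) -> Path:
    """Return the canonical path for user_path strictly inside base_dir.
    Raises ValueError for traversal, absolute paths, NUL bytes or symlink escapes."""
    decoded = unquote(user_path)            # decode once; "%252e%252e" stays a literal name
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    decoded = decoded.replace("\\", "/")    # a Windows separator is still a separator
    if decoded.startswith("/"):
        raise ValueError("absolute path not allowed")
    base = Path(base_dir).resolve()
    candidate = (base / decoded).resolve()  # collapses '..' and follows symlinks
    if base not in candidate.parents:       # must be strictly below base, not base itself
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def build_sandbox() -> str:
    """Constructed layout: <base>/reports/q3.pdf and <base>/escape -> / (symlink leaving base)."""
    base = tempfile.mkdtemp(prefix="uploads-")
    os.makedirs(os.path.join(base, "reports"))
    Path(base, "reports", "q3.pdf").write_text("quarterly report")
    os.symlink("/", os.path.join(base, "escape"))  # assumes a POSIX host
    return base


def run_cases(base_dir: str) -> dict:
    """Evaluate constructed attacker inputs against both functions.
    'safe' is None where the hardened resolver rejected the input."""
    cases = {
        "benign":    "reports/q3.pdf",
        "dot_dot":   "../../etc/passwd",
        "encoded":   "..%2f..%2fetc/passwd",
        "absolute":  "/etc/passwd",
        "backslash": "..\\..\\etc\\passwd",
        "symlink":   "escape/etc/passwd",
    }
    results = {}
    for name, user_path in cases.items():
        try:
            safe = str(resolve_under(base_dir, user_path))
        except ValueError:
            safe = None
        results[name] = {"naive": naive_join(base_dir, user_path), "safe": safe}
    return results


if __name__ == "__main__":
    sandbox = build_sandbox()
    for name, outcome in run_cases(sandbox).items():
        print(f"{name:10s} naive={outcome['naive']}  safe={outcome['safe']}")
```

Only the benign input survives the hardened resolver; every other case, including the symlink that points outside the upload directory, is rejected even though the naive join happily produces a path for each of them.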
Hudson code issue vulnerability
Hudson is a continuous integration server (the project from which Jenkins was forked). A security vulnerability exists in versions of Hudson prior to 3.3.2, which stems from flawed XML API processing that allows access to potentially sensitive information on the Hudson main server file system...