187 matches found
CVE-2026-33733 EspoCRM has Admin TemplateManager path traversal that allows arbitrary file read write and delete
EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...
CVE-2026-4124
The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wpajaxziggeoajax handler only verifies a nonce checkajaxreferer but performs no capability checks via currentusercan. Furthermore, the nonce 'ziggeoajaxnonce' is exposed to all...
CVE-2025-15589
A vulnerability was determined in MuYuCMS 2.7. Affected is the function deletedirfile of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. T...
CVE-2025-15589
A vulnerability was determined in MuYuCMS 2.7. Affected is the function deletedirfile of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. T...
CVE-2025-15589
A vulnerability was determined in MuYuCMS 2.7. Affected is the function deletedirfile of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. T...
CVE-2025-15589
A vulnerability was determined in MuYuCMS 2.7. Affected is the function deletedirfile of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. T...
EUVD-2025-207549
A vulnerability was determined in MuYuCMS 2.7. Affected is the function deletedirfile of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. T...
CVE-2025-15589 MuYuCMS Template Management Template.php delete_dir_file path traversal
A vulnerability was determined in MuYuCMS 2.7. Affected is the function deletedirfile of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. T...
CVE-2025-15589 MuYuCMS Template Management Template.php delete_dir_file path traversal
A vulnerability was determined in MuYuCMS 2.7. Affected is the function deletedirfile of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. T...
CVE-2025-15589
MuYuCMS 2.7 is affected by a path traversal in Template Management Page’s delete_dir_file function (application/admin/controller/Template.php). The issue arises from manipulating the temn/tp argument, enabling remote exploitation. Multiple sources (NVD, Red Hat, CVE records) confirm that an explo...
PT-2026-21666
A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete dir file of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely...
Catalyst 操作系统命令注入漏洞
Catalyst is a web application framework developed by karutoil’s developers. Catalyst has a vulnerability related to operating system command injection. This vulnerability stems from the installation scripts defined in the server templates, which execute directly on the host operating system with...
CVE-2026-1111
A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...
CVE-2026-1111 Sanluan PublicCMS Task Template Management TaskTemplateAdminController.java save path traversal
A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...
CVE-2026-1111
Summary: CVE-2026-1111 affects Sanluan PublicCMS, version pre-5.202506.d, via path traversal in the Save function of TaskTemplateAdminController.java (com/publiccms/controller/admin/sys/TaskTemplateAdminController.java, Task Template Management Handler). The vulnerability arises from manipulation...
PublicCMS path traversal vulnerability
PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China, written in the Java language. Versions of PublicCMS 5.202506.d and earlier have a path traversal vulnerability. This vulnerability stems from incorrect handling of the path parameter in the function...
CVE-2022-42234
There is a file inclusion vulnerability in the template management module in UCMS 1.6...
CVE-2025-1556
A vulnerability, which was classified as problematic, has been found in westboy CicadasCMS 1.0. This issue affects some unknown processing of the file /system of the component Template Management. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has bee...
CVE-2025-13766
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability checks on multiple REST API endpoints in all versions up to, and including, 3.7.6. This makes it possible for...
CVE-2025-15148
A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetempaction in the library /lib/admin/templateadmin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead to code injection. The attack may be launched...