Lucene search

20 matches found

RedhatCVE
added 2025/12/04 3:17 a.m., 6 views

CVE-2025-13645

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...

CVSS 7.2, AI score 7.5, EPSS 0.01155
Exploits: 0, References: 1

NVD
added 2025/12/03 3:16 a.m., 3 views

CVE-2025-13646

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files...

CVSS 7.5, EPSS 0.00178
Exploits: 0, References: 5

NVD
added 2025/12/03 3:15 a.m., 4 views

CVE-2025-13645

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...

CVSS 7.2, EPSS 0.01155
Exploits: 0, References: 6

Vulnrichment
added 2025/12/03 2:25 a.m., 5 views

CVE-2025-13645 Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...

CVSS 7.2, AI score 7.2, EPSS 0.01155
Exploits: 0, References: 6

EUVD
added 2025/12/03 2:25 a.m., 4 views

EUVD-2025-200725

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...

CVSS 7.2, AI score 7.1, EPSS 0.01155
Exploits: 0, References: 7

Cvelist
added 2025/12/03 2:25 a.m., 13 views

CVE-2025-13645 Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...

CVSS 7.2, EPSS 0.01155
Exploits: 0, References: 6

CVE
added 2025/12/03 2:25 a.m., 12 views

CVE-2025-13645

The CVE-2025-13645 entry concerns the Modula Image Gallery WordPress plugin. Affected versions 2.13.1–2.13.2 are vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_unzip_file function. Authenticated attackers with Author-level access or higher can delete ar...

CVSS 7.2, AI score 7.2, EPSS 0.01155
Exploits: 0, References: 6, Affected Software: 1

CNNVD
added 2025/12/03 12:0 a.m., 1 views

WordPress plugin Modula Image Gallery Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 7.5, AI score 6.8, EPSS 0.00178
Exploits: 0, References: 6

Cvelist
added 2025/12/01 8:32 a.m., 6 views

CVE-2025-13816 moxi159753 Mogu Blog v2 ZIP File unzipFile FileOperation.unzip path traversal

A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be...

CVSS 6.5, EPSS 0.00115
Exploits: 1, References: 5

Positive Technologies
added 2025/12/01 12:0 a.m., 1 views

PT-2025-48430

Name of the Vulnerable Software and Affected Versions: moxi159753 Mogu Blog v2 versions up to 5.2. Description: A security issue exists in moxi159753 Mogu Blog v2. The FileOperation.unzip function within the ZIP File Handler component, located in the /networkDisk/unzipFile file, is susceptible to pa...

CVSS 8.8, AI score 6, EPSS 0.00115
Exploits: 1, References: 11

Snyk
added 2025/08/01 11:42 p.m., 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the unzipFile function in the client.go file, which uses filepath.Join(destDir, f.Name) without validating or sanitizing f.Name. An attacker can overwrite arbitrary files on the system outside of the intended...

CVSS 9.8, AI score 8.2, EPSS 0.03359
Exploits: 0, References: 2

Snyk
added 2025/08/01 11:42 p.m., 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the unzipFile function in the client.go file, which uses filepath.Join(destDir, f.Name) without validating or sanitizing f.Name. An attacker can overwrite arbitrary files on the system outside of the intended...

CVSS 9.8, AI score 8.2, EPSS 0.03359
Exploits: 0, References: 2

OSV
added 2025/05/11 7:15 a.m., 3 views

CVE-2025-4533

A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The...

CVSS 7.5, AI score 6.6
Exploits: 0, References: 6

Snyk
added 2025/05/11 6:45 a.m., 2 views

Denial of Service (DoS)

Overview: org.jeecgframework.boot:jeecg-boot-parent is a low-code development platform. Affected versions of this package are vulnerable to Denial of Service (DoS) through the unzipFile function. An attacker can cause excessive resource consumption by manipulating the File argument. Details: Denial o...

CVSS 7.5, AI score 7, EPSS 0.00674
Exploits: 1, References: 2

CNNVD
added 2024/11/22 12:0 a.m., 1 views

Allegra Path Traversal Vulnerability

Allegra is a project management software for mid-sized organizations from Allegra. Allegra suffers from a path traversal vulnerability that stems from the unzipFile feature containing a directory traversal remote code execution vulnerability...

CVSS 7.2, AI score 7.6, EPSS 0.01783
Exploits: 0, References: 2

OSV
added 2021/07/13 2:15 p.m., 1 views

CVE-2021-36122

An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParseSup/UnzipFileUpd.cfm is susceptible to a command argument injection vulnerability when processing remote input in the zippass parameter from an authenticated user, leading to the ability to inject...

CVSS 8.8, AI score 5.9, EPSS 0.00941
Exploits: 0, References: 1

CNVD
added 2018/11/29 12:0 a.m., 2 views

WordPress Yoast SEO Plugin Race Condition Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; it supports setting up a personal blog site on PHP and MySQL servers. The Yoast SEO (wordpress-seo) plugin is a search engine optimization plugin for it. A race conditio...

CVSS 6.6, AI score 7, EPSS 0.01971
Exploits: 1, References: 1

OSV
added 2018/11/28 10:29 p.m., 2 views

CVE-2018-19370

A race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import...

CVSS 6.6, AI score 5.9, EPSS 0.01971
Exploits: 1, References: 3

CNVD
added 2018/07/18 12:0 a.m., 1 views

GNU Libextractor Buffer Overflow Vulnerability

GNU Libextractor is a set of libraries developed by the GNU Project for extracting metadata from files. A stack-based buffer overflow vulnerability exists in the 'ec_read_file_func' function of the unzip.c file in GNU Libextractor versions prior to 1.7. An attacker can exploit this vulnerability to execute...

CVSS 8.8, AI score 8.9, EPSS 0.00496
Exploits: 1, References: 1

NVD
added 2018/07/17 3:29 p.m., 14 views

CVE-2018-14346

GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c)...

CVSS 8.8, AI score 8.9, EPSS 0.00496
Exploits: 1, References: 4