1398 matches found
CVE-2025-65346
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
CVE-2025-13645
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxunzipfile' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...
Laravel File Manager 安全漏洞
Laravel File Manager is a Laravel file manager by Aleksandr Manekin Personal Developer. A security vulnerability exists in Laravel File Manager 3.3.1 and earlier versions, which stems from the unzip function not adequately validating the extraction path, potentially leading to a directory travers...
CVE-2025-65346
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
CVE-2025-65346
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
EUVD-2025-201169
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
CVE-2025-65346
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
CVE-2025-65346
The CVE affects alexusmai laravel-file-manager up to version 3.3.1, where the unzip/extraction feature lacks proper path validation, enabling directory traversal and potentially writing archive contents to arbitrary filesystem locations. No public fix version is indicated in the provided document...
CVE-2025-13646
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxunzipfile' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files...
CVE-2025-13645
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxunzipfile' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...
EUVD-2025-200725
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxunzipfile' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...
CVE-2025-13645
The CVE-2025-13645 entry concerns the Modula Image Gallery WordPress plugin. Affected versions 2.13.1–2.13.2 are vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_unzip_file function. Authenticated attackers with Author-level access or higher can delete ar...
CVE-2025-13645 Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxunzipfile' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...
CVE-2025-13645 Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxunzipfile' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...
WordPress plugin Modula Image Gallery 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
PT-2025-48789
Name of the Vulnerable Software and Affected Versions Modula Image Gallery plugin for WordPress versions 2.13.1 through 2.13.2 Description The Modula Image Gallery plugin for WordPress is susceptible to arbitrary file deletion due to inadequate file path validation within the ajax unzip file...
PT-2025-48790
Name of the Vulnerable Software and Affected Versions Modula Image Gallery plugin for WordPress versions 2.13.1 through 2.13.2 Description The Modula Image Gallery plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation. This issue is present in the...
Oracle Linux 10 : ELSA-2025-20478-0: / zziplib (ELSA-2025-204780)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-204780 advisory. 0.13.78-2 - Fix directory traversal in unzip binary - Disable the CVE tests during the check phase - the reproducers for these are downloaded from the github...
CVE-2025-13816
A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be...