21 matches found
CVE-2023-50897 WordPress Media File Renamer plugin <= 5.7.7 - Arbitrary File Rename lead to RCE vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files.This issue affects Media File Renamer: from n/a through 5.7.7...
CVE-2023-50897 WordPress Media File Renamer plugin <= 5.7.7 - Arbitrary File Rename lead to RCE vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files.This issue affects Media File Renamer: from n/a through 5.7.7...
CVE-2025-65474
An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...
PT-2025-50636
Name of the Vulnerable Software and Affected Versions EasyImages versions 2.0 through 2.8.6 Description A flaw exists in the /admin/manager.php component that allows for arbitrary file renaming. An attacker can exploit this to execute arbitrary code by renaming a PHP file to an SVG format...
EUVD-2025-202703
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...
EUVD-2025-202767
An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...
CVE-2025-65474
An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...
CVE-2025-65473
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...
CVE-2025-65474
An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...
PT-2025-50635
Name of the Vulnerable Software and Affected Versions EasyImages versions 2.0 through 2.8.6 Description A flaw exists within the /admin/filer.php component that allows attackers with Administrator privileges to execute arbitrary code. This is possible by injecting a crafted payload into an upload...
CVE-2025-65474
An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...
CVE-2025-65474
CVE-2025-65474 affects EasyImages 2.0 up to and including 2.8.6. The vulnerability resides in the /admin/manager.php component, where insecure file renaming can be exploited to execute arbitrary code by renaming a PHP file to an SVG format. Impact is described as arbitrary code execution with hig...
CVE-2025-65473
CVE-2025-65473 affects EasyImages 2.0 through 2.8.6, specifically the /admin/filer.php component. A flaw allows attackers with Administrator privileges to execute arbitrary code by injecting a crafted payload into an uploaded file name, resulting in arbitrary file rename. The Red Hat, CIRCL, NVD,...
CVE-2024-23634
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...
GeoServer Security Vulnerabilities
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions prior to 2.23.5 and prior to 2.24.2, which stems from an arbitrary file renaming vulnerability that allows authenticated...
PT-2024-19986 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.5 and 2.24.2 Description: An arbitrary file renaming issue exists, allowing an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrar...
Photo Gallery by 10Web - Mobile-Friendly Image Gallery < 1.8.20 - Directory Traversal to Arbitrary File Rename
Description The plugin is vulnerable to Directory Traversal attacks via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. Note: By default this can be exploited by administrators only. In the premium version of the plugin,...
PT-2022-13138 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress WordPress plugin versions prior to 4.1.5 Description: The issue allows users to upload an image as a profile avatar after registration, which is then cropped and saved. A "POST" request is sent to the server to rename and crop the...
Logic Flaw Vulnerability in ETA CMS (CNVD-2020-26403)
ETA CMS is a simple, practical and efficient website builder. A logical flaw exists in EDA CMS, which can be exploited by an attacker to rename arbitrary files to gain control of the web server...
Symantec Endpoint Protection AvHostPlugin Missing Authentication Arbitrary File Rename Vulnerability
This vulnerability allows local attackers to rename arbitrary files on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...