CVE-2024-48239
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS)...
wtcms security vulnerability
wtcms is a ThinkPHP-based content management system (CMS). A cross-site scripting vulnerability exists in version 1.0 of wtcms, which stems from unprocessed application parameters in the plupload method in the file AssetController.class.php, and can be exploited by an attacker to execute arbitrary...
PT-2024-33050 · Wtcms · Wtcms
Name of the Vulnerable Software and Affected Versions: WTCMS version 1.0 Description: An issue in the plupload method within the AssetController.class.php file allows for Cross Site Scripting (XSS) due to unprocessed app parameters. Recommendations: For WTCMS version 1.0, consider disabling the...
PT-2023-26572 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: Pimcore versions prior to 10.6.7 Description: A path traversal vulnerability exists in the AssetController::importServerFilesAction, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore log parameter. Th...
Path Traversal
pimcore/pimcore is vulnerable to Path Traversal. The vulnerability exists due to a lack of validation in the importServerFilesAction of the AssetController.php file, which allows an attacker to access files outside the expected directory and download arbitrary files...
PT-2023-18927 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.21 Description: The issue is related to SQL injections in the AssetController due to unsanitized string concatenation in the where clause. This allows an attacker to dump the database, alter data, or...