12 matches found
CVE-2025-65879
CVE-2025-65879 — Normal mode Warehouse Management System 1.2 is affected by an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server’s UPLOAD_PATH and passed to File.delete(...
Linux Distros Unpatched Vulnerability : CVE-2018-19143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Ticket Request System OTRS 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified...
CVE-2024-26292 Authenticated Arbitrary File Deletion affecting Avid NEXIS
An authenticated Arbitrary File Deletion vulnerability enables an attacker to delete critical files. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance SDA+: before 2025.5.1...
CVE-2018-1000647
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter...
CVE-2025-0124
CVE-2025-0124 (PAN-OS): An authenticated attacker with network access to the PAN-OS management web interface can delete certain files as the "nobody" user (logs/config files; not system files). Affected product: PAN-OS running on Cloud NGFW; not Prisma Access. Root cause: authenticated file delet...
GHSA-43C9-GW4X-PCX6 Authenticated arbitrary file deletion in YesWiki
Authenticated arbitrary file deletion in YesWiki fmRestore; $this-fmShowtrue, $isAction; break; case 'erase': $this-fmErase; $this-fmShowtrue, $isAction; break; case 'del': $this-fmDelete; $this-fmShowfalse, $isAction; break; case 'trash': $this-fmShowtrue, $isAction; break; case 'emptytrash':...
CVE-2025-24019 YesWiki vulnerable to authenticated arbitrary file deletion
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...
CVE-2025-24019 YesWiki vulnerable to authenticated arbitrary file deletion
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...
PT-2021-16155 · WordPress · Omgf
Name of the Vulnerable Software and Affected Versions: OMGF WordPress plugin versions prior to 4.5.4 Description: The issue allows any authenticated users to delete arbitrary files or folders on the server due to the lack of path validation, authorisation, and CSRF checks in the omgf ajax empty d...
WooCommerce <= 3.4.5 - Authenticated File Deletion to Privilege Escalation
Attackers in control of a user with the shop manager role can delete certain files on the server and then take over any victim account...
Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site
UPDATE— WordPress has released version 4.9.7 to finally patch this vulnerability that could allow remote attackers to gain full control over affected websites. You are recommended to install the latest available version of WordPress as soon as possible. Last week we received a tip about an...
Ajax Load More <= 2.8.1.1 - Authenticated File Upload & Deletion
Authenticated file upload in file ajax-load-more/admin/admin.php file, in the function almsaverepeater. The variable $f is set to a predictable PHP file path, and then the content of the variable $c is written into that file. The following code proves that this second variable is also set from...