Lucene search
K

12 matches found

CVE
CVE
added 2025/12/05 12:0 a.m.12 views

CVE-2025-65879

CVE-2025-65879 — Normal mode Warehouse Management System 1.2 is affected by an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server’s UPLOAD_PATH and passed to File.delete(...

8.1CVSS6.6AI score0.00693EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-19143

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Ticket Request System OTRS 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified...

6.5CVSS6.4AI score0.00861EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/14 8:19 a.m.15 views

CVE-2024-26292 Authenticated Arbitrary File Deletion affecting Avid NEXIS

An authenticated Arbitrary File Deletion vulnerability enables an attacker to delete critical files. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance SDA+: before 2025.5.1...

7.1CVSS0.00364EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:39 a.m.7 views

CVE-2018-1000647

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter...

7.1CVSS6.8AI score0.01467EPSS
Exploits1References1
CVE
CVE
added 2025/04/11 1:55 a.m.70 views

CVE-2025-0124

CVE-2025-0124 (PAN-OS): An authenticated attacker with network access to the PAN-OS management web interface can delete certain files as the "nobody" user (logs/config files; not system files). Affected product: PAN-OS running on Cloud NGFW; not Prisma Access. Root cause: authenticated file delet...

5.1CVSS6.4AI score0.00307EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/01/21 8:11 p.m.15 views

GHSA-43C9-GW4X-PCX6 Authenticated arbitrary file deletion in YesWiki

Authenticated arbitrary file deletion in YesWiki fmRestore; $this-fmShowtrue, $isAction; break; case 'erase': $this-fmErase; $this-fmShowtrue, $isAction; break; case 'del': $this-fmDelete; $this-fmShowfalse, $isAction; break; case 'trash': $this-fmShowtrue, $isAction; break; case 'emptytrash':...

7.1CVSS6.8AI score0.00568EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/01/21 5:36 p.m.56 views

CVE-2025-24019 YesWiki vulnerable to authenticated arbitrary file deletion

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...

7.1CVSS0.00568EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/01/21 5:36 p.m.8 views

CVE-2025-24019 YesWiki vulnerable to authenticated arbitrary file deletion

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...

7.1CVSS6.7AI score0.00568EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/09/20 12:0 a.m.4 views

PT-2021-16155 · WordPress · Omgf

Name of the Vulnerable Software and Affected Versions: OMGF WordPress plugin versions prior to 4.5.4 Description: The issue allows any authenticated users to delete arbitrary files or folders on the server due to the lack of path validation, authorisation, and CSRF checks in the omgf ajax empty d...

8.1CVSS7.9AI score0.00883EPSS
Exploits2References6
WPVulnDB
WPVulnDB
added 2018/10/11 12:0 a.m.21 views

WooCommerce <= 3.4.5 - Authenticated File Deletion to Privilege Escalation

Attackers in control of a user with the shop manager role can delete certain files on the server and then take over any victim account...

5.5CVSS5AI score0.01842EPSS
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2018/06/27 9:19 a.m.3 views

Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site

UPDATE— WordPress has released version 4.9.7 to finally patch this vulnerability that could allow remote attackers to gain full control over affected websites. You are recommended to install the latest available version of WordPress as soon as possible. Last week we received a tip about an...

7.8AI score
Exploits0
WPVulnDB
WPVulnDB
added 2015/10/10 12:0 a.m.12 views

Ajax Load More <= 2.8.1.1 - Authenticated File Upload & Deletion

Authenticated file upload in file ajax-load-more/admin/admin.php file, in the function almsaverepeater. The variable $f is set to a predictable PHP file path, and then the content of the variable $c is written into that file. The following code proves that this second variable is also set from...

0.5AI score
Exploits0References2Affected Software1
Rows per page
Query Builder