3 matches found
CVE-2026-2343
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...
GHSA-P68C-RMFH-J48H ConcreteCMS is vulnerable to Denial of Service During Bulk Downloads
ConcreteCMS v9.4.7 contains a Denial of Service DoS vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'filegetcontents', which loads...
CVE-2026-30662
ConcreteCMS v9.4.7 is affected by a DoS in the File Manager’s download path. The vulnerability resides in the download() method of concrete/controllers/backend/file.php, which uses ZipArchive::addFromString in combination with file_get_contents, causing PHP to load the full contents of all select...