EUVD-2026-28939
A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...
CVE-2026-8195
A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...
CVE-2026-8195 JeecgBoot SVG File CommonController.java cross site scripting
A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...
CVE-2026-7605 JeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgery
A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...
EUVD-2026-26753
A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...
CVE-2026-7545 SourceCodester Advanced School Management System checkEmail Endpoint commonController.php sql injection
A weakness has been identified in SourceCodester Advanced School Management System 1.0. The affected element is an unknown function of the file commonController.php of the component checkEmail Endpoint. This manipulation causes sql injection. Remote exploitation of the attack is possible. The...
SourceCodester Advanced School Management System injection vulnerability
SourceCodester Advanced School Management System is an advanced school management system developed by SourceCodester as open source. Version 1.0 of the SourceCodester Advanced School Management System has a vulnerability related to SQL injection, which originates from an unknown function in the...
CVE-2025-9409
A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversal. It is possible to initiate the attack...
CVE-2025-9409 lostvip-com ruoyi-go CommonController.go DownloadUpload path traversal
A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversal. It is possible to initiate the attack...
CVE-2025-7906
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argument File leads to unrestricted upload. The...
CVE-2025-0401
A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack...
PT-2024-33048 · Wtcms · Wtcms
Name of the Vulnerable Software and Affected Versions: WTCMS version 1.0 Description: The issue is related to Incorrect Access Control in the CommonControllerHomebaseController.class.php file. Recommendations: For WTCMS version 1.0, consider restricting access to the HomebaseController.class.php...
wtcms security vulnerability
wtcms is a ThinkPHP-based content management system (CMS) by the individual developer Taosir. A security vulnerability exists in version 1.0 of wtcms, which stems from incorrect access control in the file CommonControllerHomebaseController.class.php...
CVE-2024-24025
An arbitrary file upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload. An attacker can pass in a specially crafted filename parameter to perform arbitrary file download...
PT-2024-15715 · Unknown · Yunyou Cms
Name of the Vulnerable Software and Affected Versions: Yunyou CMS versions up to 2.2.6 Description: A critical vulnerability has been found in Yunyou CMS, affecting unknown code of the file /app/index/controller/Common.php. The manipulation of the templateFile argument leads to unrestricted uploa...
PT-2023-21019 · Jizhicms · Jizhicms
Name of the Vulnerable Software and Affected Versions: Jizhicms version 2.4.5 Description: An arbitrary file upload vulnerability in the CommonController.php component allows attackers to execute arbitrary code via a crafted phtml file. This issue is related to the admincCommonController.php...
Remote code execution
PHP remote file inclusion in the assignresumetpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution...
CVE-2019-17612
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter...
Unspecified Vulnerability in FEBS-Shiro
FEBS-Shiro is a back-end permissions management system based on the Spring Boot framework. A security vulnerability exists in the 'fileDownload' function of the CommonController class in versions of FEBS-Shiro prior to 2018-11-05. An attacker can exploit the vulnerability by sending a...