CVE-2020-37116 GUnet OpenEclass 1.7.3 E-learning platform - phpMyAdmin Remote Access

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

CVE-2025-13439

The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure and PHAR Deserialization in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the 'fpdcustomuplodfile' AJAX action, which flows...

CVE-2025-10897

The CVE-2025-10897 vulnerability affects the WooCommerce Designer Pro plugin for WordPress (versions up to and including 1.9.28). It allows unauthenticated arbitrary file reads, enabling an attacker to read server files such as wp-config.php and potentially exposed database credentials. Wordfence...

CVE-2025-10897 WooCommerce Designer Pro <= 1.9.28 - Unauthenticated Arbitrary File Read

The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read...

CVE-2025-8895

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server to arbitrary locations...

CVE-2025-8895

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server to arbitrary locations...

CVE-2022-1585

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php...

CVE-2005-4686

PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregisterglobals function, which allows attackers to obtain unspecified sensitive information...

CVE-2022-2357

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php...

CMS ISWEB Path Traversal Vulnerability

CMS ISWEB is a content management system CMS. A directory traversal vulnerability exists in CMS ISWEB version 3.5.3. An attacker can exploit this vulnerability to download the config.php file and take control of the application...