27 matches found
EUVD-2026-25073
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...
CVE-2026-41459 Xerte Online Toolkits Path Disclosure via /setup
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...
EUVD-2021-31483
Malicious code in bioql PyPI...
CVE-2021-44663
A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connector.php...
CVE-2021-44663
The CVE-2021-44663 vulnerability affects Xerte Project (Xerte) up to version 3.8.4, where remote code execution can be triggered via a crafted PHP file uploaded through elfinder in connector.php. The underlying issue enables network-exposed RCE with high impact (as indicated by CVSS scores in the...
CVE-2019-1010178
CVE-2019-1010178 affects MODX Revolution ≤ 1.0.0-beta4/β5 via the Fred add-on (assets/components/fred/web/elfinder/connector.php). The root cause is Incorrect Access Control (CWE-648), enabling Remote Code Execution. The attack vector involves uploading a PHP file or altering data in the database...
WordPress CYSTEME Finder Plugin 1.3 - Arbitrary File Upload
An arbitrary file upload vulnerability was found in WordPress CYSTEME Finder Plugin 1.3. It allows remote attackers to upload arbitrary files to the target server. This vulnerability exists in the http://targetserver/wp-content/plugins/cysteme-finder/php/connector.php file. Solution: Update CYSTEME Finde...
DoceboLMS <= 2.0.4 connector.php Shell Upload Exploit
No description provided by source. <?php ---docebo204xpl.php 15.38 04/12/2005 DoceboLMS AKA SpaghettiLearning <= 2.0.4 connector.php Shell Upload coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: This is called, using the conquered...
espcms <=4.3 public-class-connector.php SQL injection vulnerability
No description provided by source...
FCKeditor connector.php arbitrary file upload vulnerability
BUGTRAQ ID: 31812 CVE(CAN) ID: CVE-2008-6178 FCKeditor is an open-source HTML text editor. A file upload restriction vulnerability exists in FCKeditor's editor/filemanager/browser/default/connectors/php/connector.php module: 147. function FileUpload $resourceType, $currentFolder 148. 149. $sErrorNumber = '0' ; 150. $sFileName = '' ; 151. 152. if isset...
CVE-2008-3568
Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability than CVE-2006-4890.1...
UNAK-CMS 1.5 - 'connector.php' Local File Inclusion
source: https://www.securityfocus.com/bid/30533/info UNAK-CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the...
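miniCWB connector.php multiple cross-site scripting vulnerabilities
BUGTRAQ ID: 29368 miniCWB is a small open-source content management system. Mini CWB does not properly filter URLs submitted to /javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php before returning them to the user, which allows remote attackers to execute arbitrary code in the user's browser session through cross-site scripting attacks. GraFX miniCWB = 2.1.1 GraFX ----- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.mini-open-cms.com/...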
minicwb-xss.txt
========================================================== Mini-CWB - http://target/minicwbpath/javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php?GET= - http://target/minicwbpath/javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php?POST= -...
miniCWB 2.1.1 - connector.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/29368/info miniCWB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
GeekLog 1.4.0sr3 - f(u)ckeditor Remote Code Execution
GeekLog 1.4.0sr3 - fuckeditor Remote Code Execution !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n";...
Directory traversal
Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder...
CVE-2006-0922
CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files vi...