15 matches found
EUVD-2014-4915
Malware in sbrugna...
EUVD-2021-11056
Malware in sbrugna...
EUVD-2020-21679
Malware in sbrugna...
EUVD-2023-54090
Malicious code in bioql PyPI...
CVE-2023-2252
The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files...
CVE-2020-29304
A cross-site scripting XSS vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through...
CVE-2023-2252 Directorist < 7.5.4 - Admin+ LFI
The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files...
PT-2024-11967 · WordPress · Directorist Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Directorist WordPress plugin versions prior to 7.5.4 Description: The issue is related to Local File Inclusion, where the plugin does not validate the file parameter when importing CSV files. This allows for potential exploitation. There is n...
Path traversal
A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function validjsidentifier of the file ipblacklistcloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It i...
CVE-2015-10105 IP Blacklist Cloud Plugin CSV File Import ip_blacklist_cloud.php valid_js_identifier path traversal
A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function validjsidentifier of the file ipblacklistcloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It i...
CVE-2015-10105 IP Blacklist Cloud Plugin CSV File Import ip_blacklist_cloud.php valid_js_identifier path traversal
A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function validjsidentifier of the file ipblacklistcloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It i...
CVE-2015-10105
CVE-2015-10105 affects the WordPress IP Blacklist Cloud Plugin (CSV File Import) up to version 3.42, specifically the valid_js_identifier function in ip_blacklist_cloud.php. The vulnerability arises from improper handling of the filename argument, enabling path traversal and remote initiation of ...
PT-2023-14971 · WordPress · Members Import
Name of the Vulnerable Software and Affected Versions: Members Import plugin for WordPress versions up to, and including, 1.4.2 Description: The issue is related to Self Cross-Site Scripting via the user login parameter in an imported CSV file due to insufficient input sanitization and output...
The CSV import function in JSM Insight’s data processing center for Atlassian Jira Server and Data Center is vulnerable, allowing attackers to perform SSRF attacks.
The vulnerability of the CSV import function in JSM Insight, a data processing tool for Atlassian Jira Server and Data Center, is related to insufficient validation of requests at the server side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...
CVE-2022-2268
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE...