36 matches found
CVE-2023-54339
Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27'...
CVE-2023-54339 Webgrind 1.1 - Remote Command Execution (RCE) via dataFile Parameter
Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27'...
CVE-2023-54339
Webgrind 1.1 is affected by a remote command execution vulnerability in index.php via the unvalidated dataFile parameter. An unauthenticated attacker can inject and execute OS commands (example payload: '0%27%26calc.exe%26%27'). The issue stems from dataFile handling, enabling arbitrary system co...
PT-2026-2429
Name of the Vulnerable Software and Affected Versions: Webgrind version 1.1. Description: Webgrind version 1.1 contains a remote command execution issue. Unauthenticated attackers can inject OS commands through the dataFile parameter in the 'index.php' file. Attackers can execute arbitrary system...
EUVD-2025-202690
A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...
CVE-2025-14520
A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...
CVE-2025-14521
A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. The attack may be performed fro...
CVE-2025-14521 baowzh hfly download path traversal
A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. The attack may be performed fro...
CVE-2025-14521
The CVE-2025-14521 entry concerns baowzh hfly, where the path traversal vulnerability is triggered by manipulating the filename argument in the API endpoint /admin/index.php/datafile/download. The condition arises from an unknown function within that file, allowing remote exploitation and publicl...
CVE-2025-14520
CVE-2025-14520 affects the baowzh hfly software. Multiple connected sources describe a path traversal vulnerability in the file /admin/index.php/datafile/delfile triggered by manipulation of the filename parameter. This allows remote exploitation and has been publicly available as an exploit. The...
CVE-2025-14520 baowzh hfly delfile path traversal
A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...
hfly path traversal vulnerability
hfly is a travel website by the individual developer baowzh. A path traversal vulnerability exists in hfly, which stems from an incorrect manipulation of the parameter filename in the file /admin/index.php/datafile/delfile, which could lead to a path traversal attack...
hfly path traversal vulnerability
hfly is a travel website by the individual developer baowzh. A path traversal vulnerability exists in hfly, which stems from an incorrect manipulation of the parameter filename in the file /admin/index.php/datafile/download, which could lead to a path traversal attack...
PT-2025-50629
Name of the Vulnerable Software and Affected Versions: baowzh hfly versions prior to 638ff9abe9078bc977c132b37acbe1900b63491c. Description: A security issue exists in baowzh hfly that allows for path traversal. This occurs due to manipulation of the filename argument in the...
Linux Distros Unpatched Vulnerability : CVE-2019-10878
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData and CDataFileReader::ReplaceData and related functions in...
Linux Distros Unpatched Vulnerability : CVE-2019-10879
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote...