Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/06/12 8:7 p.m.14 views

TYPO3 CMS: Destructive Actions on File Mount Folders

Problem Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS,...

7.2CVSS5.2AI score0.00238EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/05/18 4:21 p.m.7 views

GHSA-245J-XJVR-XVM5 CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations

Summary The Fileeditor module enforces an extension allowlist 'css','js','html','txt','json','sql','md' on content-write operations saveFile, createFile, but two destructive endpoints — deleteFileOrFolder and renameFile — never validate the extension of the source path. A backend user with...

6.5CVSS6AI score0.00037EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.18 views

PT-2026-39571

A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public...

5.8CVSS5.6AI score0.05587EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/10/20 5:38 p.m.17 views

CVE-2025-62509 FileRise improper ownership/permission validation allowed cross-tenant file operations

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege users to perform unauthorized operations view/delete/modify on files created by other users...

8.1CVSS0.00279EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2013/06/01 2:21 p.m.4 views

CVE-2013-0136

Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service file deletion or renaming via 1 the uploadPath parameter...

8.5CVSS6AI score0.40338EPSS
Exploits8References5
exploitpack
exploitpack
added 2007/11/14 12:0 a.m.12 views

CONTENTCustomizer 3.1 - Dialog.php Unauthorized Access

CONTENTCustomizer 3.1 - Dialog.php Unauthorized Access source: https://www.securityfocus.com/bid/26437/info CONTENTCustomizer is prone to an unauthorized access vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker could exploit this issue to delete...

0.5AI score
Exploits0
Rows per page
Query Builder