
9 matches found

RedhatCVE
added 5 days ago · 7 views

CVE-2026-45230

DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation. Attackers can exploit th...

CVSS 9.1 · AI score 5.7 · EPSS 0.00355
Exploits: 0 · References: 1

Positive Technologies
added 2026/05/21 12:00 a.m. · 8 views

PT-2026-42555

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 9.5.1 Description: An inverted CSRF token check in the DeleteFile controller allows unauthorized file deletion. The system incorrectly throws an error when the token is valid and proceeds with the deletion process...

CVSS 2.3 · AI score 5.8 · EPSS 0.00021
Exploits: 0 · References: 4

NVD
added 2026/05/18 6:17 p.m. · 6 views

CVE-2026-45230

DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation. Attackers can exploit th...

CVSS 9.1 · EPSS 0.00355
Exploits: 0 · References: 2

Cvelist
added 2026/05/18 6:06 p.m. · 37 views

CVE-2026-45230 DumbAssets 1.0.11 Path Traversal File Deletion via /api/delete-file

DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation. Attackers can exploit th...

CVSS 9.1 · EPSS 0.00355
Exploits: 0 · References: 2

CVE
added 2026/05/18 6:06 p.m. · 11 views

CVE-2026-45230

CVE-2026-45230 affects DumbAssets 1.0.11 and earlier. The issue is a path traversal vulnerability in POST /api/delete-file and the filesToDelete array, allowing unauthenticated attackers to supply ".." sequences to escape the application directory and delete arbitrary files (e.g., server.js, pack...

CVSS 9.1 · AI score 5.9 · EPSS 0.00355
Exploits: 0 · References: 2

ATTACKERKB
added 2026/05/18 6:06 p.m. · 4 views

CVE-2026-45230

DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation. Attackers can exploit th...

CVSS 9.1 · AI score 5.9 · EPSS 0.00355
Exploits: 0 · References: 3

OSV
added 2026/01/04 12:15 p.m. · 3 views

CVE-2026-0578

A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgunner-administrator/delete.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The explo...

CVSS 9.8 · AI score 5.7 · EPSS 0.00026
Exploits: 1 · References: 6

Positive Technologies
added 2024/10/27 12:00 a.m. · 3 views

PT-2024-16261 · Unknown · Code-Projects Blood Bank Management System

Name of the Vulnerable Software and Affected Versions: code-projects Blood Bank Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /file/delete.php. The manipulation of the bid argument leads to SQL injection. This...

CVSS 8.8 · AI score 7.2 · EPSS 0.00106
Exploits: 1 · References: 8

Positive Technologies
added 2023/12/17 12:00 a.m. · 4 views

PT-2023-32809 · Rmountjoy92 · Dashmachine

Name of the Vulnerable Software and Affected Versions: rmountjoy92 DashMachine versions 0.5 through 4 Description: A critical issue has been found in the software, affecting some unknown functionality of the file /settings/delete file. The manipulation of the argument file leads to path traversal...

CVSS 9.1 · AI score 5.1 · EPSS 0.00059
Exploits: 1 · References: 7