6 matches found
CVE-2025-5213
CVE-2025-5213 affects projectworlds Responsive E-Learning System 1.0. The vulnerability is an SQL injection in an unknown functionality of the file /admin/delete_file.php caused by improper handling of the ID argument. It can be exploited remotely and the exploit has been disclosed publicly. Impa...
CVE-2025-5213 projectworlds Responsive E-Learning System delete_file.php sql injection
A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deletefile.php. The manipulation of the argument ID leads to sql injection. The attack can be launched...
CVE-2019-8291
Online Store System v1.0 deletefile.php doesn't check to see if a user has administrative rights nor does it check for path traversal...
Path traversal
Online Store System v1.0 deletefile.php doesn't check to see if a user has administrative rights nor does it check for path traversal...
CVE-2019-8291
Online Store System v1.0 deletefile.php doesn't check to see if a user has administrative rights nor does it check for path traversal...
CVE-2019-8291
The CVE-2019-8291 entry concerns Online Store System v1.0, specifically delete_file.php, which does not verify administrative rights and lacks path traversal protection. Publicly available connected records describe a path traversal vulnerability enabling access to locations outside restricted di...