CVE-2026-5574 Technostrobe HI-LED-WR120-G2 FsBrowseClean deletefile authorization

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been...

CVE-2025-7628

A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /deleteFile. The manipulation of the argument fileName leads to path traversal. It is possible to...

CVE-2025-7628

A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /deleteFile. The manipulation of the argument fileName leads to path traversal. It is possible to...

PT-2025-29505 · Unknown · Kkfileviewofficeedit

Name of the Vulnerable Software and Affected Versions: YiJiuSmile kkFileViewOfficeEdit versions up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd Description: A critical issue exists in the deleteFile function located at /deleteFile. Manipulation of the fileName argument can lead to path traversal,...

PT-2025-28122 · Unknown · Risesoft-Y9 Digital-Infrastructure

Name of the Vulnerable Software and Affected Versions: risesoft-y9 Digital-Infrastructure versions prior to 9.6.8 Description: A critical issue affects the deleteFile function in the file...

CVE-2020-22761

Cross Site Request Forgery CSRF vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php...

Denial Of Service (DoS)

github.com/casdoor/casdoor is vulnerable to denial of service. The vulnerability exists in the DeleteFile function of storage.go due to arbitrary file deletion via uploadFile which allows an attacker to delete arbitrary files in the system...

CVE-2020-22761

Cross Site Request Forgery CSRF vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php...

Cross site request forgery (csrf)

Cross Site Request Forgery CSRF vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php...

FlatPress cross-site request forgery vulnerability

FlatPress is a lightweight, easy-to-setup blogging engine. flatPress version 1.1 is vulnerable to cross-site request forgery. An attacker can use the DeleteFile function in flat/admin.php to conduct a cross-site request forgery attack...

CVE-2020-22761

Cross Site Request Forgery CSRF vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php...

PT-2021-10786 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: FlatPress version 1.1 Description: A Cross Site Request Forgery CSRF issue exists, allowing unauthorized actions. The DeleteFile function in flat/admin.php is affected. Recommendations: For FlatPress version 1.1, consider disabling the...