18 matches found
CVE-2019-20071
On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs...
EUVD-2021-11901
Malware in sbrugna...
EUVD-2025-16882
Malicious code in bioql PyPI...
EUVD-2025-6260
Malicious code in bioql PyPI...
CVE-2025-21609
SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...
CVE-2020-5296
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission...
CVE-2020-19886
DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF for an /index.php?dbhcmspid=-80=9 request that can delete any menu...
CVE-2014-3849
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4wclearuser parameter...
20,000 WordPress Sites Affected by Arbitrary File Upload and Deletion Vulnerabilities in WP Ultimate CSV Importer WordPress Plugin
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
Improper Access Control Allows deleting other users' reminders
Description: Because the report I submitted before was exploited in public, I created a new report to exploit it on the local machine. The vulnerability allows users to delete other users' prompts on the system via the groupid parameter. Proof of Concept: const deletePromptController = async (req, res)...
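The report above describes an insecure direct object reference on a delete handler: the only input consulted is the client-supplied groupid. The following is an added example, not the reporter's code or the affected system's code; the in-memory store, the request shape, and the field names groupid and ownerId are assumptions. It places the vulnerable handler beside the version that scopes the lookup to the caller.

```javascript
// Added example (not from the report): IDOR on a delete endpoint.
// Store, request shape and the names groupid/ownerId are assumed.

// Constructed sample data: two users, each owning one prompt.
function makeStore() {
  return new Map([
    ['g1', { groupid: 'g1', ownerId: 'alice', text: 'alice prompt' }],
    ['g2', { groupid: 'g2', ownerId: 'bob', text: 'bob prompt' }],
  ]);
}

// Vulnerable: existence of the record is the only check, so any
// authenticated user can delete any other user's prompt by id.
function deletePromptVulnerable(store, req) {
  const { groupid } = req.body;
  if (!store.has(groupid)) return { status: 404 };
  store.delete(groupid);
  return { status: 200 };
}

// Hardened: the record must exist AND belong to the authenticated
// caller. A foreign id gets the same 404 as a missing one, so the
// endpoint does not confirm that someone else's groupid exists.
function deletePromptSecure(store, req) {
  const { groupid } = req.body;
  const record = store.get(groupid);
  if (!record || record.ownerId !== req.user.id) return { status: 404 };
  store.delete(groupid);
  return { status: 200 };
}

// Usage: bob, authenticated as himself, targets alice's prompt g1.
function demo() {
  const bobReq = { user: { id: 'bob' }, body: { groupid: 'g1' } };
  const s1 = makeStore();
  const vuln = deletePromptVulnerable(s1, bobReq); // 200, g1 is gone
  const s2 = makeStore();
  const safe = deletePromptSecure(s2, bobReq);     // 404, g1 intact
  return {
    vuln: vuln.status,
    vulnRemaining: s1.size,
    safe: safe.status,
    safeRemaining: s2.size,
  };
}
```

The fix is the WHERE clause, not the identifier: whatever the backing store, the delete must be keyed on (id, owner) rather than on id alone, and the ownership check belongs in the same query or lookup so it cannot be skipped by a later code path.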
HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action, available to any authenticated user such as a subscriber, which could allow them to delete arbitrary files. To delete the license.txt at the root of the blog: await...
Telesquare TLR-2855KS6 - Arbitrary File Deletion
Exploit Title: Telesquare TLR-2855KS6 - Arbitrary File Deletion Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.telesquare.co.kr/ Version: TLR-2855KS6 Tested on: Linux Firefox CVE : CVE-2021-46419 Proof of Concept DELETE /cgi-bin/test.cgi HTTP/1.1 Host:...
Logic Flaw Vulnerability in SongCMS
SongCMS is a free, open-source, enterprise-oriented, multi-language CMS built on PHP/MySQL and ASP with Access or SQL Server, intended to help business users quickly build and deploy enterprise-level portals. A logic flaw vulnerability exists in SongCMS. An attacker can exploit this vulnerability...
UsualToolCMS suffers from an arbitrary file deletion vulnerability (CNVD-2021-03498)
UsualToolCMS UTCMS is a content management system and rapid site building framework. UsualToolCMS suffers from an arbitrary file deletion vulnerability. An attacker can exploit the vulnerability to delete arbitrary files...
U-mail: one SQL injection plus arbitrary file deletion
Brief description: U-mail: one SQL injection plus arbitrary file deletion. Details: oletterpaper.php 1. SQL injection: if ACTION == "letterpaper-set" $url = makelink("option", "view", "letterpaper"); $lpid = gss($_POST['id']); .... if ($lpid) $lpinfo = $Widget->getoneletterpaper("id=".$lpid, "", 0); Nothing much to analyse here; straight to the exploit...
WePay: CSRF on email address operations. Also performing unintended operations.
After authentication in the WePay application, a user can navigate to the "My Settings" tab and perform operations like makeprimary and resend on the email addresses. These operations do not have any CSRF tokens present in the request. The only value unknown to an attacker present in the request ...
Silentum Uploader 1.4.0 Remote File Deletion Exploit
No description provided by source. Vendor: http://hypersilence.net Versions: Silentum Uploader 1.4.0 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/advisories.php?id=2 ---- Due to insufficient validation of client-side data, we...
MultiTheftAuto 0.5 patch 1 Server Crash and MOTD Deletion Exploit
No description provided by source. /* by Luigi Auriemma */ #include <stdio.h> #include <stdlib.h> #ifdef WIN32 #include <winsock.h> /* Header file used for manage errors in Windows. It support socket and errno too; this header replace the previous sockerrX.h */ #include <string.h> #include <errno.h> void std_err(void) ch...