CVE-2025-14520

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...

CVE-2025-14520 baowzh hfly delfile path traversal

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...

CVE-2025-8132

CVE-2025-8132 affects ChanCMS up to version 3.1.2. The vulnerability is a path traversal in the delfile function of app/extend/utils.js, enabling remote exploitation. Public exploit details exist, and upgrading to version 3.1.3 addresses the issue. The recommended patch identifier is c8a282bf02a6...

CVE-2025-8132 yanyutao0402 ChanCMS utils.js delfile path traversal

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function delfile of the file app/extend/utils.js. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public...

CVE-2024-10595

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql injection. The attack can be launched remotely. Th...

CVE-2024-27489

An issue in the DelFile function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request...

CVE-2024-10595 ESAFENET CDG PublicDocInfoAjax.java delDifferCourseList sql injection

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql injection. The attack can be launched remotely. Th...

CVE-2024-27489

An issue in the DelFile function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request...

PT-2024-21919 · Wmcms · Wmcms

Name of the Vulnerable Software and Affected Versions: WMCMS version 4.4 Description: An issue in the DelFile function allows attackers to delete arbitrary files via a crafted POST request. Recommendations: For WMCMS version 4.4, consider disabling the DelFile function until a patch is available ...

CVE-2024-27489

An issue in the DelFile function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request...

CVE-2024-27489

The CVE-2024-27489 issue affects WMCMS v4.4 and is tied to the DelFile() function, which allows an attacker to delete arbitrary files via a crafted POST request. Sources consistently describe the vulnerability as a file-deletion flaw in DelFile(), with confirmed references from Red Hat and NVD in...

PHPOK Arbitrary File Deletion Vulnerability

PHPOK is an enterprise building system that supports expansion. An arbitrary file deletion vulnerability exists in the 'delfilef' function in the framework/admin/tplcontrol.php file in PHPOK version 4.9.032. An attacker can exploit this vulnerability to delete arbitrary files...