40 matches found
CVE-2016-20081
HB Audio Gallery Lite 1.0.0 (WordPress) has a path traversal in audio-download.php via the file_path parameter that allows unauthenticated access to arbitrary files outside the gallery directory (e.g., wp-config.php). Root cause: inadequate validation of the file_path input. The connected documen...
CVE-2026-30996
An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...
CVE-2026-37266
An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the forcedownload.php component...
EUVD-2018-21915
Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...
CVE-2018-25393 Navigate CMS 2.8.5 Path Traversal via navigate_download.php
Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...
PT-2026-44871
Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate download.php with path traversal payloads ../../../cfg/globals.php to...
CVE-2026-7132 code-projects Online Lot Reservation System download.php readfile path traversal
A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...
CVE-2026-7132 code-projects Online Lot Reservation System download.php readfile path traversal
A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...
CVE-2026-30996
An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...
CVE-2026-30996
An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...
CVE-2020-37088 School ERP Pro 1.0 - Arbitrary File Read
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...
EUVD-2020-30989
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...
Student File Management System download.php File SQL Injection Vulnerability
Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System due to mishandling of the istoreid parameter by an unknown function module in the /download.php file. An attacker can use this vulnerability to obtain or tamp...
CVE-2025-15205
A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argument istoreid leads to sql injection. The attack can be initiated remotely. The exploit is publicly...
CVE-2025-15205 code-projects Student File Management System download.php sql injection
A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argument istoreid leads to sql injection. The attack can be initiated remotely. The exploit is publicly...
CVE-2025-63950
An insecure deserialization vulnerability exists in the download.php script of the to3k Twittodon application through commit b1c58a7d1dc664b38deb486ca290779621342c0b 2023-02-28. The 'obj' parameter receives base64-encoded data that is passed directly to the unserialize function without validation...
CVE-2025-63950
An insecure deserialization vulnerability exists in the download.php script of the to3k Twittodon application through commit b1c58a7d1dc664b38deb486ca290779621342c0b 2023-02-28. The 'obj' parameter receives base64-encoded data that is passed directly to the unserialize function without validation...
CVE-2025-63950
The CVE describes an insecure deserialization vulnerability in the to3k Twittodon application, specifically in the download.php script where the obj parameter is base64-encoded data passed directly to unserialize() without validation. This allows a remote, unauthenticated attacker to inject arbit...
PT-2025-52346
Name of the Vulnerable Software and Affected Versions to3k Twittodon versions prior to commit b1c58a7d1dc664b38deb486ca290779621342c0b Description An insecure deserialization issue exists in the download.php script of the to3k Twittodon application. The obj parameter accepts base64-encoded data...
CVE-2025-11692 Zip Attachments <= 1.6 - Missing Authorization to Limited File Deletion
The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to delete arbitrary files from the...