11 matches found
GHSA-44C2-3RW4-5GVH PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL
Summary: FileTools.download_file in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with follow_redirects=True. An attacker who controls the URL can reach any host accessible from the server, including cloud metadata...
WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function vulnerability
Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function vulnerability discovered by HayMiz in WordPress Plugin Order Export & Order Import for WooCommerce versions <= 2.6.0...
CVE-2020-36825 cyberaz0r WebRAT api.php download_file unrestricted upload
UNSUPPORTED WHEN ASSIGNED. DISPUTED. A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be...
CVE-2020-36825 cyberaz0r WebRAT api.php download_file unrestricted upload
UNSUPPORTED WHEN ASSIGNED. DISPUTED. A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be...
CVE-2019-6273
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files...
CVE-2019-6273
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files...
Code injection
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files...
CVE-2019-6273
CVE-2019-6273 affects GL.iNet GL-AR300M-Lite devices running firmware 2.27. Affected component: download_file handling in the device's UI/CGI flow. Root cause and exact code path are not detailed in the provided documents, but multiple sources describe an arbitrary file download vulnerability, w...
CVE-2019-6273
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files...
CVE-2014-5108
Affected software: concrete5
CVE-2014-5108
Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file...