55 matches found
CVE-2025-41754
CVE-2025-41754 describes a low-privileged remote attack in which an undocumented, unused API endpoint (wwwubr.cgi: ubr-editfile) allows reading arbitrary files on the system. The vulnerability arises from exposing an edit-file API without proper access controls, enabling read access over the network. The CVSS ...
CVE-2025-41754 Arbitrary Read with ubr-editfile
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint, to read arbitrary files on the system...
CVE-2025-41754 Arbitrary Read with ubr-editfile
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint, to read arbitrary files on the system...
CVE-2025-41754
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint, to read arbitrary files on the system...
PT-2026-24026
Name of the Vulnerable Software and Affected Versions: Versions prior to 2025-41756 Description: A low-privileged remote attacker can exploit the ubr-editfile method in the /wwwubr.cgi API endpoint to write arbitrary files on the system. The /wwwubr.cgi endpoint is undocumented and unused...
PT-2026-24024
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint, to read arbitrary files on the system...
MBS multiple products security vulnerability
MBS UBR-01 Mk II, etc., are products of the German MBS company. MBS UBR-01 Mk II is a remote base station device. MBS UBR-02 is also a remote base station device. MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security vulnerabilities;...
EUVD-2020-11585
Malware in sbrugna...
FoxCMS security vulnerability
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. A security vulnerability exists in FoxCMS 1.2.5 and earlier versions, which originates from a code execution vulnerability in admin/templatefile/editFile.html...
CVE-2022-41512
An arbitrary file upload vulnerability in the component /phpaction/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2024-11210
A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has...
PT-2024-16828 · Eyoucms · Eyoucms
Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.51 Description: A critical issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated...
EyouCMS path traversal vulnerability
EyouCMS is an open source content management system (CMS) based on ThinkPHP by China Eyou Eyou Company. A path traversal vulnerability exists in EyouCMS version 1.51, which originates from a path traversal issue in the activepath parameter of the editFile function on the...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection due to improper input sanitization via the editfile method in the \controller\Index.php file. An attacker can execute arbitrary SQL commands by injecting malicious SQL code into the input parameters. Remediation: There is no...
GHSA-6J8F-88MH-R9VQ SQL injection in funadmin
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...
SQL injection in funadmin
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...
CVE-2024-48224
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...
CVE-2024-48224
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...
PT-2024-33034 · Funadmin · Funadmin
Name of the Vulnerable Software and Affected Versions: Funadmin version 5.0.2 Description: The issue is related to an arbitrary file read vulnerability. It affects the /curd/index/editfile endpoint. There is no information provided about the estimated number of potentially affected devices...
CVE-2024-48224
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...