55 matches found
CVE-2024-48224
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...
CVE-2024-48224
Funadmin v5.0.2 has an arbitrary file read vulnerability in the /curd/index/editfile endpoint. The issue is documented across multiple sources (NVD entry CVE-2024-48224 and Red Hat, Veracode, OSV, Snyk, GHSA advisories, CNNVD, PT Security) and is consistently described as an arbitrary file read/l...
FunAdmin security vulnerability
FunAdmin is an open-source, lightweight and high-color backend development system based on ThinkPHP6 and Layui. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an arbitrary file read vulnerability in /curd/index/editfile...
CVE-2022-43277
Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/phpaction/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
PT-2022-26823 · Unknown · Canteen Management System
Name of the Vulnerable Software and Affected Versions: Canteen Management System version 1.0. Description: The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting an arbitrary file upload vulnerability. This is achievable through the "ip/youthappam/php...
CVE-2022-41512
An arbitrary file upload vulnerability in the component /phpaction/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2020-19683
A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php...
Cross site scripting
A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php...
ZZCMS cross-site scripting vulnerability
ZZZCMS is a content management system (CMS) from the ZZZCMS team in China. ZZZCMS suffers from a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output data in the editfile action of /adminxxx/save.php. An attacker could exploit the...
Jfinal CMS path traversal vulnerability
Jfinal CMS is a powerful information consulting website developed in Java, using JFinal as the web framework, beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. Jfinal CMS 4.7.1 and earlier versions have improper access control vulnerabilities. An attacker could use t...
CVE-2019-9182
There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter...
OMRON CX-Supervisor sr3 File Parsing EditFile API Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...
Back-end code execution vulnerability in the official PHP version of zzzcms V1.5.7
zzcms is a free and open-source site-building system aimed mainly at webmasters. The editfile function in the back-end sa.php file of the official PHP version of zzzcms V1.5.7 has a code execution vulnerability; an attacker can take advantage of the vulnerability to execute arbitrary co...
CVE-2015-1053
Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/filemanager/filemanager/editfile...