Lucene search
K

56 matches found

CVE
CVE
added 2026/03/09 8:16 a.m.24 views

CVE-2025-41756

CVE-2025-41756 describes an arbitrary-file-write flaw exploitable by a low-privileged remote attacker via the ubr-editfile method of the undocumented wwwubr.cgi API endpoint. The vulnerability enables writing arbitrary files on the affected system, with CVSSv3.1 metrics indicating Network attack,...

8.1CVSS5.9AI score0.00326EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/09 8:15 a.m.31 views

CVE-2025-41754 Arbitrary Read with ubr-editfile

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...

6.5CVSS0.00334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/09 8:15 a.m.4 views

CVE-2025-41754 Arbitrary Read with ubr-editfile

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...

6.5CVSS5.9AI score0.00334EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/09 8:15 a.m.3 views

CVE-2025-41754

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...

6.5CVSS5.9AI score0.00334EPSS
Exploits0References2
CVE
CVE
added 2026/03/09 8:15 a.m.8 views

CVE-2025-41754

CVE-2025-41754 describes a low-priv remote attack where an undocumented, unused API endpoint (wwwubr.cgi: ubr-editfile) allows reading arbitrary files on the system. The vulnerability arises from exposing an edit-file API without proper access controls, enabling read access via network. The CVSS ...

6.5CVSS5.9AI score0.00334EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.4 views

PT-2026-24024

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...

6.5CVSS5.9AI score0.00334EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.11 views

PT-2026-24026

Name of the Vulnerable Software and Affected Versions Versions prior to 2025-41756 Description A low-privileged remote attacker can exploit the ubr-editfile method in the /wwwubr.cgi API endpoint to write arbitrary files on the system. The /wwwubr.cgi endpoint is undocumented and unused...

8.1CVSS5.9AI score0.00326EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/09 12:0 a.m.7 views

MBS多款产品 安全漏洞

MBS UBR-01 Mk II, etc., are products of the German MBS company. MBS UBR-01 Mk II is a remote base station device. MBS UBR-02 is also a remote base station device. MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security vulnerabilities;...

8.1CVSS6AI score0.00326EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-11585

Malware in sbrugna...

5.4CVSS5.5AI score0.00562EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/08/07 12:0 a.m.2 views

FoxCMS 安全漏洞

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. A security vulnerability exists in FoxCMS 1.2.5 and earlier versions, which originates from a code execution vulnerability in admin/templatefile/editFile.html...

9.8CVSS7.4AI score0.0065EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 11:39 p.m.4 views

CVE-2022-41512

An arbitrary file upload vulnerability in the component /phpaction/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

7.2CVSS7.5AI score0.0095EPSS
Exploits1References1
OSV
OSV
added 2024/11/14 3:15 p.m.5 views

CVE-2024-11210

A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has...

5.4CVSS5.5AI score0.00622EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/11/14 12:0 a.m.6 views

EyouCMS 路径遍历漏洞

EyouCMS is an open source content management system CMS based on ThinkPHP by China Eyou Eyou Company. A path traversal vulnerability exists in EyouCMS version 1.51, which originates from a path traversal issue in the activepath parameter of the editFile function on the...

5.5CVSS5.5AI score0.00622EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/14 12:0 a.m.6 views

PT-2024-16828 · Eyoucms · Eyoucms

Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.51 Description: A critical issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated...

5.5CVSS5.8AI score0.00622EPSS
Exploits1References10
Github Security Blog
Github Security Blog
added 2024/10/25 9:31 p.m.22 views

SQL injection in funadmin

Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...

7.5CVSS5.5AI score0.00644EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2024/10/25 9:31 p.m.4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to improper input sanitization via the editfile method in \controller\Index.php file . An attacker can execute arbitrary SQL commands by injecting malicious SQL code into the input parameters. Remediation There is no...

8.3CVSS8.7AI score0.00644EPSS
Exploits1References2
OSV
OSV
added 2024/10/25 9:31 p.m.14 views

GHSA-6J8F-88MH-R9VQ SQL injection in funadmin

Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...

8.7CVSS5.1AI score0.00644EPSS
Exploits1References3
NVD
NVD
added 2024/10/25 9:15 p.m.17 views

CVE-2024-48224

Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...

7.5CVSS0.00644EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/25 12:0 a.m.17 views

CVE-2024-48224

Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...

0.00644EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.4 views

FunAdmin 安全漏洞

FunAdmin is FunAdmin open source a lightweight and high-color backend development system based on ThinkPHP6+Layui development. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an arbitrary file read vulnerability in /curd/index/editfile...

7.5CVSS6.6AI score0.00644EPSS
Exploits1References1
Rows per page
Query Builder