56 matches found
CVE-2025-41756
CVE-2025-41756 describes an arbitrary-file-write flaw exploitable by a low-privileged remote attacker via the ubr-editfile method of the undocumented wwwubr.cgi API endpoint. The vulnerability enables writing arbitrary files on the affected system, with CVSSv3.1 metrics indicating Network attack,...
CVE-2025-41754 Arbitrary Read with ubr-editfile
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...
CVE-2025-41754 Arbitrary Read with ubr-editfile
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...
CVE-2025-41754
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...
CVE-2025-41754
CVE-2025-41754 describes a low-priv remote attack where an undocumented, unused API endpoint (wwwubr.cgi: ubr-editfile) allows reading arbitrary files on the system. The vulnerability arises from exposing an edit-file API without proper access controls, enabling read access via network. The CVSS ...
PT-2026-24024
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...
PT-2026-24026
Name of the Vulnerable Software and Affected Versions Versions prior to 2025-41756 Description A low-privileged remote attacker can exploit the ubr-editfile method in the /wwwubr.cgi API endpoint to write arbitrary files on the system. The /wwwubr.cgi endpoint is undocumented and unused...
MBS多款产品 安全漏洞
MBS UBR-01 Mk II, etc., are products of the German MBS company. MBS UBR-01 Mk II is a remote base station device. MBS UBR-02 is also a remote base station device. MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security vulnerabilities;...
EUVD-2020-11585
Malware in sbrugna...
FoxCMS 安全漏洞
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. A security vulnerability exists in FoxCMS 1.2.5 and earlier versions, which originates from a code execution vulnerability in admin/templatefile/editFile.html...
CVE-2022-41512
An arbitrary file upload vulnerability in the component /phpaction/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2024-11210
A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has...
EyouCMS 路径遍历漏洞
EyouCMS is an open source content management system CMS based on ThinkPHP by China Eyou Eyou Company. A path traversal vulnerability exists in EyouCMS version 1.51, which originates from a path traversal issue in the activepath parameter of the editFile function on the...
PT-2024-16828 · Eyoucms · Eyoucms
Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.51 Description: A critical issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated...
SQL injection in funadmin
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection due to improper input sanitization via the editfile method in \controller\Index.php file . An attacker can execute arbitrary SQL commands by injecting malicious SQL code into the input parameters. Remediation There is no...
GHSA-6J8F-88MH-R9VQ SQL injection in funadmin
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...
CVE-2024-48224
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...
CVE-2024-48224
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...
FunAdmin 安全漏洞
FunAdmin is FunAdmin open source a lightweight and high-color backend development system based on ThinkPHP6+Layui development. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an arbitrary file read vulnerability in /curd/index/editfile...