6 matches found
EUVD-2026-27408
A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently rando...
CVE-2024-50617
Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...
CVE-2025-13787
A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management. It is possible to launch the attack...
PT-2025-48389
Name of the Vulnerable Software and Affected Versions ZenTao versions up to 21.7.6-8564 Description A flaw exists in ZenTao related to improper privilege management. The issue is located in the file::delete function within the module/file/control.php file of the File Handler component. Manipulati...
PT-2025-4031 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and below Description: An Improper Access Control issue allows an authenticated attacker to obtain files stored by other users by modifying the FILE ID of the endpoint "/embedai/files/show/". Recommendations: For EmbedAI...
WisdomGarden Tronclass ilearn Security Breach
WisdomGarden Tronclass ilearn is a teaching platform from WisdomGarden. A security vulnerability exists in WisdomGarden Tronclass ilearn. The vulnerability stems from the uploading of files without proper privilege control, which allows a remote attacker to log in with general privileges, change...