CVE-2025-13198

A vulnerability has been found in DouPHP up to 1.8 Release 20251022. This impacts an unknown function of the file upload/include/file.class.php. The manipulation of the argument File leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

CVE-2025-13198

CVE-2025-13198 affects DouPHP up to version 1.8 Release 20251022. The vulnerability is tied to the file upload/include/file.class.php component, where manipulation of the File argument enables unrestricted file uploads. This enables remote exploitation, with public disclosure of the exploit. Reme...

CVE-2025-13198 DouPHP file.class.php unrestricted upload

A vulnerability has been found in DouPHP up to 1.8 Release 20251022. This impacts an unknown function of the file upload/include/file.class.php. The manipulation of the argument File leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

CVE-2021-27755

"Sametime Android potential path traversal vulnerability when using File class"...

CVE-2023-7212

A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file fileclass.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the...

CVE-2022-39224

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

PT-2022-5132 · Arr-Pm · Arr-Pm

Name of the Vulnerable Software and Affected Versions: Arr-pm versions prior to 0.0.12 Description: The issue is related to OS command injection, which can result in shell execution if an RPM contains a malicious payload compressor field. This impacts the extract and files methods of the RPM::Fil...

CVE-2021-27755

"Sametime Android potential path traversal vulnerability when using File class"...

CVE-2021-27755

"Sametime Android potential path traversal vulnerability when using File class"...

Path traversal

"Sametime Android potential path traversal vulnerability when using File class"...

CVE-2021-27755

"Sametime Android potential path traversal vulnerability when using File class"...

CVE-2021-27755

Technical details about CVE-2021-27755 are not publicly provided in the supplied documents. No affected products, root cause, or remediation are stated. Monitor for updates from vendors and security advisories.

PhpSpreadsheet 1.5.0 XXE vulnerability reproduction and analysis-vulnerability warning-the black bar safety net

0x01 introduction PhpSpreadsheet is a very popular pure PHP class library that allows you to easily read and write Excel, LibreOffic Calc and other spreadsheet file formats, is PHPExcel alternative. 2018 11 October 13, PhpSpreadsheet was broke presence of the XXE vulnerability, CVE-2018-19277, in...

Cross site request forgery (csrf)

An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings. The function...

CVE-2008-7252

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors...