7 matches found
EUVD-2015-9066
Malware in sbrugna...
EUVD-2020-2292
Malware in sbrugna...
EUVD-2022-46240
Malicious code in bioql PyPI...
CVE-2024-7864
The Favicon Generator CLOSED WordPress plugin before 2.1 does not have CSRF and path validation in the outputsubadminpage0 function, allowing attackers to make logged in admins delete arbitrary files on the server...
CVE-2024-6851 Arbitrary File Deletion in aimhubio/aim
In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...
CVE-2023-23151
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inccontentmedia.php...
CVE-2019-16985
In FusionPBX up to v4.5.7, the file app\xmlcdr\xmlcdrdelete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system...