Lucene search
K

20 matches found

NVD
NVD
added 2026/05/17 1:16 p.m.10 views

CVE-2018-25329

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access...

8.7CVSS0.00039EPSS
Exploits0References3
OSV
OSV
added 2026/05/12 2:59 p.m.3 views

GHSA-F84P-CVGM-XGJJ protobuf.js is Vulnerable to OS Command Injection in the CLI

Summary pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell instead of being passed to JSDoc as plain arguments. Impact An attacker who can...

7.8CVSS6AI score0.00022EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.2 views

CVE-2026-35021

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $ or backtick expressions in...

8.4CVSS6.2AI score0.00041EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2019-3197

Malware in sbrugna...

10CVSS9.4AI score0.00346EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:9 a.m.6 views

CVE-2019-11526

An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations...

10CVSS7.3AI score0.00346EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.2 views

CVE-2024-7034

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

7.2CVSS0.06729EPSS
Exploits1References1
Hacker One
Hacker One
added 2022/02/17 10:31 p.m.21 views

GitHub Security Lab: [Java]: CWE-073 - File path injection with the JFinal framework

This bug was reported directly to GitHub Security Lab...

1.3AI score
Exploits0
OSV
OSV
added 2020/04/16 7:15 p.m.3 views

CVE-2020-11819

In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution...

9.8CVSS7.4AI score0.27004EPSS
Exploits4References1
NVD
NVD
added 2019/10/10 7:15 p.m.10 views

CVE-2019-11526

An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations...

10CVSS9.6AI score0.00346EPSS
Exploits1References1
Prion
Prion
added 2019/10/10 7:15 p.m.12 views

Path traversal

An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations...

10CVSS9.5AI score0.00346EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/10/10 6:48 p.m.9 views

CVE-2019-11526

An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations...

9.7AI score0.00346EPSS
Exploits1References1
CVE
CVE
added 2019/10/10 6:48 p.m.97 views

CVE-2019-11526

Softing uaGate SI 1.60.01 contains a privilege-elevation issue in its maintenance script that runs via sudo. The maintenance script is vulnerable to file path injection, allowing an attacker to write files with superuser privileges in specific locations. This CVE (CVE-2019-11526) is documented ac...

10CVSS9.5AI score0.00346EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/01/03 8:29 p.m.0 views

DEBIAN-CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

6.5CVSS7AI score0.0046EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2018/01/03 12:0 a.m.6 views

PT-2018-5238 · Poco +1 · Poco C++ Libraries +1

Name of the Vulnerable Software and Affected Versions: POCO C++ Libraries versions prior to 1.8 Description: The issue concerns a "file path injection vulnerability" in the ZipCommon::isValidPath function, which does not properly restrict the filename value in the ZIP header. This allows attacker...

9.8CVSS7.5AI score0.0046EPSS
Exploits2References22
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.43 views

Amazon Linux AMI : php (ALAS-2011-07)

The MITRE CVE database describes these CVEs as : Revert isa behavior to php = 5.3.6 and add a new new option allowstring for the new behavior accept string and raise autoload if needed Use-after-free vulnerability in the substrreplace function in PHP 5.3.6 and earlier allows context-dependent...

7.5CVSS9.1AI score0.36532EPSS
Exploits17References9
Tenable Nessus
Tenable Nessus
added 2012/01/31 12:0 a.m.49 views

RHEL 4 : php (RHSA-2012:0071)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0071 advisory. - php: buffer over-read in Exif extension CVE-2011-0708 - php: Crash by converting serial day numbers SDN into Julian calendar CVE-2011-1466...

6.4CVSS8.8AI score0.86573EPSS
Exploits21References13
Tenable Nessus
Tenable Nessus
added 2011/09/12 12:0 a.m.53 views

Fedora 16 : maniadrive-1.2-32.fc16 / php-5.3.8-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16 (2011-11464)

Security Enhancements and Fixes : - Updated cryptblowfish to 1.2. CVE-2011-2483 - Fixed crash in errorlog. Reported by Mateusz Kocielski - Fixed buffer overflow on overlog salt in crypt. - Fixed bug 54939 File path injection vulnerability in RFC1867 File upload filename. Reported by Krzysztof...

7.5CVSS8.4AI score0.36532EPSS
Exploits16References16
securityvulns
securityvulns
added 2011/08/27 12:0 a.m.197 views

[slackware-security] php (SSA:2011-237-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security php SSA:2011-237-01 New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+...

7.5CVSS9AI score0.36532EPSS
Exploits15
FreeBSD
FreeBSD
added 2011/08/18 12:0 a.m.61 views

php -- multiple vulnerabilities

PHP development team reports: Security Enhancements and Fixes in PHP 5.3.7: Updated cryptblowfish to 1.2. CVE-2011-2483 Fixed crash in errorlog. Reported by Mateusz Kocielski Fixed buffer overflow on overlog salt in crypt. Fixed bug 54939 File path injection vulnerability in RFC1867 File upload...

7.5CVSS7.7AI score0.36532EPSS
Exploits15
Prion
Prion
added 2011/06/16 11:55 p.m.17 views

Path traversal

The rfc1867posthandler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request...

6.4CVSS7.5AI score0.11671EPSS
Exploits1References21Affected Software1
Rows per page
Query Builder