16 matches found

Vulnrichment
added 2026/02/09 9:32 a.m. · 2 views

CVE-2026-2226 DouPHP ZIP File file.php unrestricted upload

A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sqlfilename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

5.8 CVSS · 5.2 AI score · 0.00021 EPSS
Exploits 1 · References 4

CVE
added 2026/02/09 9:32 a.m. · 8 views

CVE-2026-2226

CVE-2026-2226 affects DouPHP up to 1.9, targeting the ZIP File Handler component. The issue arises from manipulating the argument sql_filename in the file /admin/file.php, leading to unrestricted upload. The vulnerability can be exploited remotely, and the exploit has been disclosed publicly. The...

7.2 CVSS · 5.2 AI score · 0.00021 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2026/01/01 2:16 p.m. · 0 views

CVE-2025-15404

A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /savefile.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclose...

8.8 CVSS · 5.5 AI score · 0.00031 EPSS
Exploits 1 · References 5

NVD
added 2025/12/09 9:15 p.m. · 2 views

CVE-2021-47729

Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'fileslist' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/getfile.php with crafted payload to execute arbitrary scripts in victim's...

5.4 CVSS · 0.00048 EPSS
Exploits 1 · References 5

Positive Technologies
added 2025/12/09 12:0 a.m. · 3 views

PT-2025-50248

Name of the Vulnerable Software and Affected Versions Selea Targa IP OCR-ANPR Camera affected versions not specified Description The Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting issue in the files list parameter. This allows attackers to inject malicious HTML and script...

5.1 CVSS · 6 AI score · 0.00048 EPSS
Exploits 1 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2014-3488

Malicious code in bioql PyPI...

4.3 CVSS · 8.4 AI score · 0.05923 EPSS
Exploits 0 · References 31

NVD
added 2025/09/15 10:15 p.m. · 4 views

CVE-2025-10480

A weakness has been identified in SourceCodester Online Student File Management System 1.0. This affects an unknown function of the file /savefile.php. Executing manipulation can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public an...

9.8 CVSS · 0.00098 EPSS
Exploits 1 · References 5

Cvelist
added 2025/09/15 10:2 p.m. · 8 views

CVE-2025-10481 SourceCodester Online Student File Management System remove_file.php sql injection

A security vulnerability has been detected in SourceCodester Online Student File Management System 1.0. This impacts an unknown function of the file /removefile.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been...

6.5 CVSS · 0.00058 EPSS
Exploits 1 · References 5

OSV
added 2025/05/27 12:15 a.m. · 0 views

CVE-2025-5213

A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deletefile.php. The manipulation of the argument ID leads to sql injection. The attack can be launched...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 4

OSV
added 2024/03/19 1:15 a.m. · 2 views

CVE-2024-2620

A vulnerability has been found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this vulnerability is an unknown functionality of the file api/client/downfile.php. The manipulation of the argument uuid leads to sql injection. The...

9.8 CVSS · 5.7 AI score · 0.00171 EPSS
Exploits 0 · References 3

OSV
added 2024/01/26 9:15 p.m. · 1 view

CVE-2024-0945

A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotel...

9.8 CVSS · 5.3 AI score
Exploits 0 · References 3

CNVD
added 2019/07/19 12:0 a.m. · 0 views

Arbitrary file deletion vulnerability of Co***.cl***.php file in the blue style background of NetShow's Chinese and English foreign trade websites

NetShow Chinese and English foreign trade website blue style is a website management system. There is an arbitrary file deletion vulnerability in the Co.cl.php file in the backend of the blue style of the Nethub Sino-British foreign trade website. An attacker can exploit this vulnerability to...

7 AI score
Exploits 0

Packet Storm
added 2014/03/28 12:0 a.m. · 38 views

iStArtApp FileXChange 6.2 Command Injection / LFI / File Upload

Document Title: =============== iStArtApp FileXChange v6.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1237 Release Date: ============= 2014-03-26 Vulnerability Laboratory ID VL-ID:...

0.4 AI score
Exploits 0

ATTACKERKB
added 2012/10/01 11:55 p.m. · 0 views

CVE-2012-1471

Directory traversal vulnerability in cataloguefile.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...

5 CVSS · 5.8 AI score · 0.00198 EPSS
Exploits 1 · References 4

Exploit DB
added 2009/03/25 12:0 a.m. · 159 views

PHPizabi 0.848b C1 HFP1-3 - Arbitrary File Upload

date"U"-300 43. 44. fnc"laneMakeToken", "file", $GET"id", array 45. "user.username" = me"username", 46. "file" = "system/cache/temp/".$filename, 47. ; 48. PHPizabi is prone to a vulnerability that lets remote attackers to upload and execute arbitrary script code...

7.4 AI score
Exploits 0

Positive Technologies
added 2005/12/05 12:0 a.m. · 3 views

PT-2005-4742 · Sapid · Sapid Cms

Name of the Vulnerable Software and Affected Versions: SAPID CMS versions prior to 1.2.3.03 Description: The issue allows remote attackers to bypass authentication by making direct requests to certain files, including insert file.php, insert image.php, insert link.php, insert qcfile.php, and...

7.5 CVSS · 7 AI score · 0.00978 EPSS
Exploits 0 · References 7