
8 matches found

Positive Technologies
added 2025/12/05 12:0 a.m., 2 views

PT-2025-49259

Name of the Vulnerable Software and Affected Versions: zdh web versions through 5.6.17. Description: zdh web is a data collection, processing, monitoring, scheduling, and management platform. Insufficient validation of file upload paths allows an authenticated user to write arbitrary files to the...

CVSS 8.8, AI score 7.5, EPSS 0.00646
Exploits: 0, References: 8

Tenable Nessus
added 2025/01/10 12:0 a.m., 10 views

Gradio < 4.19.2 Vulnerability - CVE-2024-1728

The version of Gradio installed on the remote host is prior to 4.19.2. It is, therefore, affected by a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the...

CVSS 7.5, AI score 7.9, EPSS 0.85393
Exploits: 2, References: 4

Github Security Blog
added 2024/04/10 6:30 p.m., 31 views

Duplicate Advisory: Gradio Local File Inclusion vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-m842-4qm8-7gpq. This link is maintained to preserve external references. Original Description: gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied...

CVSS 7.5, AI score 7.7, EPSS 0.85393
Exploits: 2, References: 4, Affected Software: 1

OSV
added 2024/04/10 5:15 p.m., 28 views

CVE-2024-1728

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in t...

CVSS 7.5, AI score 7.8
Exploits: 0, References: 2

Vulnrichment
added 2024/04/10 5:7 p.m., 17 views

CVE-2024-1728 Local File Inclusion in gradio-app/gradio

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in t...

CVSS 7.5, AI score 7.4, EPSS 0.85393
Exploits: 2, References: 2

Cvelist
added 2024/04/10 5:7 p.m., 20 views

CVE-2024-1728 Local File Inclusion in gradio-app/gradio

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in t...

CVSS 7.5, AI score 7.9, EPSS 0.85393
Exploits: 2, References: 2

CVE
added 2024/04/10 5:7 p.m., 108 views

CVE-2024-1728

Gradio has a local file inclusion/path traversal vulnerability in the UploadButton component (affecting Gradio prior to 4.19.2). Attackers could read arbitrary files on the host (e.g., private keys) by manipulating the file path in requests to /queue/join, with potential remote code execution ris...

CVSS 7.5, AI score 7.3, EPSS 0.85393
Exploits: 2, References: 2, Affected Software: 1

CNNVD
added 2021/06/02 12:0 a.m., 4 views

WordPress and Fancy Product Designer code issue vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A code issue exists in the WordPress plugin Fancy Product Designer, which originates from "wp-admin" or...

CVSS 9.8, AI score 8.5, EPSS 0.47091
Exploits: 2, References: 6