EUVD-2026-14239
A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...
CVE-2026-4509 PbootCMS File Upload file.php incomplete blacklist
A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...
PT-2026-7091
A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql filename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...
EUVD-2025-206088
A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection. The attack can be...
ThinkPHP Security Vulnerability
ThinkPHP is a PHP-based, open-source, lightweight web application development framework from China's Top Thinking Information Technology. A security vulnerability exists in ThinkPHP version 5.0.24; it originates from a remote code execution vulnerability in the read function in the file...
EUVD-2007-5755
Malware in sbrugna...
EUVD-2007-4789
Malware in sbrugna...
EUVD-2025-13385
Malicious code in bioql PyPI...
EUVD-2024-43118
Malicious code in bioql PyPI...
EUVD-2024-16137
Malicious code in bioql PyPI...
CVE-2025-11136 YiFang CMS Backend File.php webUploader unrestricted upload
A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit h...
CVE-2025-11136
YiFang CMS up to version 2.0.2 contains a flaw in the Backend component where the webUploader function (file: app/app/controller/File.php) mishandles the uploadpath parameter, enabling unrestricted file uploads. The vulnerability can be exploited remotely, and the exploit has been published. Affe...
PT-2025-39804
Name of the Vulnerable Software and Affected Versions: YiFang CMS versions up to 2.0.2. Description: A flaw exists in YiFang CMS that allows for unrestricted file uploads. This is due to manipulation of the uploadpath argument within the webUploader function located in the app/app/controller/File.ph...
CVE-2025-4305
A vulnerability has been found in kefaming mayi up to 1.3.9 and classified as critical. This vulnerability affects the function Upload of the file app/tools/controller/File.php. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit h...
CVE-2025-4305 kefaming mayi File.php upload unrestricted upload
A vulnerability has been found in kefaming mayi up to 1.3.9 and classified as critical. This vulnerability affects the function Upload of the file app/tools/controller/File.php. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit h...
CVE-2024-48824
An issue in Automatic Systems Maintenance SlimLane 29565d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to obtain sensitive information via the Racine & FileName parameters in the download-file.php component...
CVE-2024-48824
Affected software: Automatic Systems Maintenance SlimLane (SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7). Vulnerability: Information disclosure via the Racine and FileName parameters in the download-file.php component, allowing a remote attacker to obtain sensitive data. Impact context...
CVE-2024-9293 skyselang yylAdmin Backend File.php list sql injection
A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. Affected by this vulnerability is the function list of the file /app/admin/controller/file/File.php of the component Backend. The manipulation of the argument isdisable leads to sql injection. The attack can be...
yylAdmin SQL Injection Vulnerability
yylAdmin is a minimalist backend management system based on ThinkPHP8 and Vue3, by the individual developer skyselang. A SQL injection vulnerability exists in yylAdmin 3.0 and earlier versions; the vulnerability stems from the parameter isdisable in the file /app/admin/controller/file/File.php which can...