Lucene search
+L

68 matches found

CNNVD
CNNVD
added 2025/07/19 12:0 a.m.3 views

WordPress plugin GI-Media Library 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

7.5CVSS6.7AI score0.02041EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.4 views

Seeyon Zhiyuan OA 安全漏洞

Seeyon Zhiyuan OA Zhiyuan OA is a collaboration management software from China's Seeyon. A security vulnerability exists in Seeyon Zhiyuan OA, which originates from insufficient validation of the realFileType and fileId parameters in the wpsAssistServlet interface, resulting in arbitrary file...

10CVSS6.6AI score0.1438EPSS
Exploits3References6
RedhatCVE
RedhatCVE
added 2025/05/23 2:33 a.m.8 views

CVE-2023-1501

A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclos...

8.8CVSS7.3AI score0.00883EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:34 p.m.9 views

CVE-2020-27180

konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter...

7.5CVSS6.9AI score0.01219EPSS
Exploits0
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.11 views

CVE-2024-12580 Logs Debug Injection in danny-avila/librechat

A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and fileid in the /code/download/:sessionId/:fileId and /download/:userId/:fileid APIs are not validated or filtered, leading to potential log injection...

4.3CVSS0.00458EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/17 1:28 p.m.13 views

CVE-2025-0822

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...

6.5CVSS9.1AI score0.00615EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/17 10:2 a.m.6 views

WordPress Bit Assist plugin <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter vulnerability

Path Traversal to Authenticated Subscriber+ Arbitrary File Read via fileID Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Bit Assist versions = 1.5.2...

6.5CVSS7AI score0.00615EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/02/15 1:15 p.m.4 views

CVE-2025-0822

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...

6.5CVSS5.9AI score0.00615EPSS
Exploits0References4
OSV
OSV
added 2024/10/31 9:15 p.m.4 views

CVE-2024-10594

A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection. It is possible to launch the attack...

8.8CVSS5.7AI score0.00543EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/10/31 12:0 a.m.2 views

EsafeNet CDG SQL注入漏洞

EsafeNet CDG is a document security management system from EsafeNet. A SQL injection vulnerability exists in EsafeNet CDG, which stems from an incorrect manipulation of the parameter fileId that can lead to sql injection...

8.8CVSS7.2AI score0.00543EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/10/05 12:0 a.m.6 views

EsafeNet CDG SQL注入漏洞

EsafeNet CDG is a document security management system from EsafeNet. A SQL injection vulnerability exists in ESAFENET CDG V5, which originates from the fileId parameter of file/MultiServerBackService?path=1 that can lead to SQL injection...

9.8CVSS8AI score0.00639EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/10/05 12:0 a.m.8 views

PT-2024-39682 · Unknown · Esafenet Cdg

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG V5 Description: A critical issue affects an unknown functionality of the file /MultiServerBackService?path=1. The manipulation of the fileId argument leads to SQL injection. The attack may be launched remotely. The exploit has be...

9.8CVSS6.8AI score0.00639EPSS
Exploits1References9
OSV
OSV
added 2023/07/20 8:15 p.m.7 views

CVE-2023-3793

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...

9.8CVSS5.7AI score0.00421EPSS
Exploits0References2
Prion
Prion
added 2023/07/20 8:15 p.m.26 views

Sql injection

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...

5.2CVSS9.7AI score0.00421EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/20 7:31 p.m.15 views

CVE-2023-3793 Weaver e-cology HTTP POST Request filelFileDownloadForOutDoc.class sql injection

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...

5.5CVSS7.6AI score0.00421EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/20 12:0 a.m.4 views

Weaver e-cology SQL注入漏洞

Weaver e-cology is a collaborative management application platform from China's Panmicro Technology Weaver. A SQL injection vulnerability exists in Weaver e-cology versions prior to 10.58.0, which stems from the filelFileDownloadForOutDoc.class parameter fileid that can lead to sql injection...

9.8CVSS6.6AI score0.00421EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/20 12:0 a.m.9 views

PT-2023-26188 · Unknown · Weaver E-Cology

Name of the Vulnerable Software and Affected Versions: Weaver e-cology versions prior to 10.58.0 Description: A critical issue affects the HTTP POST Request Handler component of Weaver e-cology, specifically the file filelFileDownloadForOutDoc.class. The manipulation of the fileid argument with t...

9.8CVSS8.7AI score0.00421EPSS
Exploits0References8
OSV
OSV
added 2023/03/19 8:15 p.m.6 views

CVE-2023-1501

A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclos...

8.8CVSS5.4AI score0.00883EPSS
Exploits1References3
NVD
NVD
added 2023/03/19 8:15 p.m.23 views

CVE-2023-1501

A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclos...

8.8CVSS7AI score0.00883EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/03/19 12:0 a.m.7 views

PT-2023-17037 · Rockoa · Rockoa

Name of the Vulnerable Software and Affected Versions: RockOA version 2.3.2 Description: A critical issue was found in the runAction function of the file acloudCosAction.php.SQL. The manipulation of the fileid argument leads to unrestricted upload. It is possible to initiate the attack remotely...

8.8CVSS7AI score0.00883EPSS
Exploits1References6
Rows per page
Query Builder