68 matches found
WordPress plugin GI-Media Library 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
Seeyon Zhiyuan OA 安全漏洞
Seeyon Zhiyuan OA Zhiyuan OA is a collaboration management software from China's Seeyon. A security vulnerability exists in Seeyon Zhiyuan OA, which originates from insufficient validation of the realFileType and fileId parameters in the wpsAssistServlet interface, resulting in arbitrary file...
CVE-2023-1501
A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclos...
CVE-2020-27180
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter...
CVE-2024-12580 Logs Debug Injection in danny-avila/librechat
A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and fileid in the /code/download/:sessionId/:fileId and /download/:userId/:fileid APIs are not validated or filtered, leading to potential log injection...
CVE-2025-0822
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...
WordPress Bit Assist plugin <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter vulnerability
Path Traversal to Authenticated Subscriber+ Arbitrary File Read via fileID Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Bit Assist versions = 1.5.2...
CVE-2025-0822
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...
CVE-2024-10594
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection. It is possible to launch the attack...
EsafeNet CDG SQL注入漏洞
EsafeNet CDG is a document security management system from EsafeNet. A SQL injection vulnerability exists in EsafeNet CDG, which stems from an incorrect manipulation of the parameter fileId that can lead to sql injection...
EsafeNet CDG SQL注入漏洞
EsafeNet CDG is a document security management system from EsafeNet. A SQL injection vulnerability exists in ESAFENET CDG V5, which originates from the fileId parameter of file/MultiServerBackService?path=1 that can lead to SQL injection...
PT-2024-39682 · Unknown · Esafenet Cdg
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG V5 Description: A critical issue affects an unknown functionality of the file /MultiServerBackService?path=1. The manipulation of the fileId argument leads to SQL injection. The attack may be launched remotely. The exploit has be...
CVE-2023-3793
A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...
Sql injection
A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...
CVE-2023-3793 Weaver e-cology HTTP POST Request filelFileDownloadForOutDoc.class sql injection
A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...
Weaver e-cology SQL注入漏洞
Weaver e-cology is a collaborative management application platform from China's Panmicro Technology Weaver. A SQL injection vulnerability exists in Weaver e-cology versions prior to 10.58.0, which stems from the filelFileDownloadForOutDoc.class parameter fileid that can lead to sql injection...
PT-2023-26188 · Unknown · Weaver E-Cology
Name of the Vulnerable Software and Affected Versions: Weaver e-cology versions prior to 10.58.0 Description: A critical issue affects the HTTP POST Request Handler component of Weaver e-cology, specifically the file filelFileDownloadForOutDoc.class. The manipulation of the fileid argument with t...
CVE-2023-1501
A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclos...
CVE-2023-1501
A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclos...
PT-2023-17037 · Rockoa · Rockoa
Name of the Vulnerable Software and Affected Versions: RockOA version 2.3.2 Description: A critical issue was found in the runAction function of the file acloudCosAction.php.SQL. The manipulation of the fileid argument leads to unrestricted upload. It is possible to initiate the attack remotely...