WordPress StoreEngine plugin path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A path traversal vulnerability exists in the WordPress StoreEngine plugin, which stems from a path traversal issue in the filedownload function. An attacker can exploit this...

WordPress plugin StoreEngine 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A path traversal vulnerability exists in the WordPress StoreEngine plugin, which stems from a path traversal issue in the filedownload function. An attacker can exploit this...

CVE-2022-34878

CVE-2022-34878 affects VICIdial (notably VICIdial 2.14b0.5 and related builds) via an authenticated SQL injection in the /vicidial/user_stats.php file_download parameter. Connected docs confirm concrete exploitation: multiple authenticated SQLi paths and a module exploiting this (e.g., VICIdial M...

CVE-2022-34878 VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/user_stats.php.

SQL Injection vulnerability in User Stats interface /vicidial/userstats.php of VICIdial via the filedownload parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and beco...

CVE-2012-4873

Cross-site scripting XSS vulnerability in the filedownload function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...