19 matches found
CVE-2026-5192 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]'
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1[file][file_path]' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary...
EUVD-2009-1149
Malware in sbrugna...
EUVD-2015-9080
Malware in sbrugna...
CVE-2025-10472
MoneyPrinterTurbo (harry0703) vulnerable up to 1.2.6 due to path traversal in the URL Handler’s video download/stream logic. Affected: download_video/stream_video in app/controllers/v1/video.py; parameter file_path can be manipulated to traverse paths. Exploit is remote and publicly disclosed. Mi...
CVE-2024-22857
Heap-based buffer overflow in zlog v1.1.0 to v1.2.17 in zlog_rule_new(). The size of record_name is MAXLEN_PATH (1024) + 1, but file_path may hold data up to MAXLEN_CFG_LINE (MAXLEN_PATH*4) + 1. So a check was missing in zlog_rule_new() while copying the record_name from file_path + 1, which caused the buffer overflow. An...
CVE-2023-1044
A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument file_path leads to relative path traversal. The attack can be launched remotely. The exploit has...
CVE-2023-1044
Summary: CVE-2023-1044 affects MuYuCMS 2.2 via the file_path parameter in the file "/editor/index.php", enabling a relative path traversal vulnerability. The issue is triggered by manipulating the affected argument, and the attack is remote with the exploit reportedly disclosed publicly. Multiple...
SUSE CVE-2009-1148
Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable)...
GOG GalaxyClientService Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/services' require 'openssl' class MetasploitModule 'GOG GalaxyClientService Privilege Escalation', 'Description' = %q This module will sen...
CVE-2018-13290
Synology SRM 1.1.x is affected by CVE-2018-13290 (Information exposure via SYNO.Core.ACL). Affected: Synology Router Manager (SRM) before 1.1.7-6941-2. Issue: remote authenticated users can determine file existence or access sensitive file information via the file_path parameter. CVSS metrics ind...
CVE-2018-13290
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter...
CVE-2018-13281
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter...
CVE-2018-13281
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter...
CVE-2018-13281
The CVE-2018-13281 entry affects Synology DiskStation Manager (DSM) prior to 6.2-23739-2, specifically the SYNO.Core.ACL component. The vulnerability allows remote authenticated users to determine the existence of files and obtain their metadata via the file_path parameter, constituting an inform...
AlegroCart Arbitrary Code Execution Vulnerability
AlegroCart is an open source online business solution from the Canadian ALEGROCART team. AlegroCart version 1.2.8 has a remote file inclusion vulnerability in the 'getfile' function of the upload/admin2/controller/reportlogs.php file, which stems from the program failing to detect the 'file_path'...
Jtbccms V1.0 'jtbc_cms_admin_manage_delete_filedisp()' function has a file deletion vulnerability
Jtbccms is a website system that can expand and clone existing modules. Jtbccms version 1.0 'jtbc_cms_admin_manage_delete_filedisp()' function has a file deletion vulnerability. Due to receiving file_path variable to do iicstr function for addslashes filtering, the code conversion can be directly deleted ...
phpMyAdmin file_path Parameter Vulnerabilities (PMASA-2009-1)
The version of phpMyAdmin installed on the remote host fails to sanitize user-supplied input to the 'file_path' parameter of the 'bs_disp_as_mime_type.php' script before using it to read a file and reporting it in dynamically-generated HTML. An unauthenticated, remote attacker may be able to leverage...
Voodoo chat 1.0RC1b - file_path Remote File Inclusion
Voodoo chat 1.0RC1b - file_path Remote File Inclusion. Exploit: http://sitename.com/Script...
CVE-2006-2852
PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter in (1) index.php, (2) feedback.php, and (3) printfriendly.php...