35 matches found
CVE-2026-34735 Hytale Modding Vulnerable to Remote Code Execution via File Upload Bypass in `FileController`
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. In version 1.2.0 and prior, the quickUpload endpoint validates uploaded files by checking their MIME type via PHP's finfo, which inspects file contents but constructs the stored filename using the...
CVE-2026-1061
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...
PT-2026-1054
Name of the Vulnerable Software and Affected Versions: yeqifu carRental (affected versions not specified) Description: A path traversal issue exists due to the manipulation of the path argument within the downloadShowFile function located in /file/downloadShowFile.action of the...
CVE-2025-8841
A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. The manipulation leads to unrestricted upload. The attack can be...
PT-2025-32535 · Unknown · Zlt2000 Microservices-Platform
Name of the Vulnerable Software and Affected Versions: zlt2000 microservices-platform versions through 6.0.0 Description: A vulnerability exists in the Upload function located in zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. This manipulation allows for...
CVE-2025-4530 feng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversal
A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack c...
CVE-2025-4530
CVE-2025-4530 affects feng_ha_ha/megagao ssm-erp and production_ssm 1.0. The vulnerability resides in File Handler's FileController.java handleFileDownload, enabling path traversal. Exploitation is remote and publicly disclosed. Exploits are noted in multiple sources; CVSS metrics from the initia...
CVE-2025-2195 MRCMS org.marker.mushroom.controller.FileController rename.do rename cross site scripting
A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admin/file/rename.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument name/path leads to cross site scripting. It is possib...
PT-2025-10752 · Mrcms · Mrcms
Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A problem was found in the rename function of the /admin/file/rename.do file in the org.marker.mushroom.controller.FileController component. The manipulation of the name/path argument leads to cross-site...
PT-2025-10751 · Mrcms · Mrcms
Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A vulnerability was found in the function list of the file "/admin/file/list.do" of the component org.marker.mushroom.controller.FileController. The manipulation of the path argument leads to cross-site...
CVE-2024-57452
ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder...
CVE-2024-57451
ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory...
ChestnutCMS Security Vulnerability
ChestnutCMS is an enterprise-level content management system with separate front end and back end, by individual developer liweiyi. A security vulnerability exists in ChestnutCMS version 1.5.0 and earlier versions, which stems from contentcore.controller.FileController containing an arbitrary file...
PT-2025-3449 · Unknown · Chestnutcms
Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions <=1.5.0 Description: The issue allows attackers to delete any file and folder due to an arbitrary file deletion vulnerability in the contentcore.controller.FileController. This vulnerability enables attackers to exploit th...
CVE-2024-13139 wangl1989 mysiteforme FileController doContent server-side request forgery
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery. The atta...
Mysiteforme Code Issue Vulnerability
Mysiteforme is a permission management system by individual developer wangl1989. A code issue vulnerability exists in Mysiteforme version 1.0, which stems from the parameter content in the file src/main/java/com/mysiteform/admin/controller/system/FileController that can lead to server-side...
CVE-2024-24024
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload. An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download...