19 matches found
CVE-2026-1061
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...
EUVD-2022-45224
Malicious code in bioql PyPI...
CVE-2025-6534 xxyopen/201206030 novel-plus File FileController.java remove resource injection
A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation leads to improper...
CVE-2025-4530
A vulnerability was found in fenghaha/megagao ssm-erp and productionssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack c...
PT-2025-20652 · Unknown · Production Ssm +1
Name of the Vulnerable Software and Affected Versions: feng ha ha/megagao ssm-erp version 1.0, production ssm version 1.0. Description: A vulnerability was found in the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversa...
CVE-2022-42147
kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\Filecontroller.java...
Cross site scripting
kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\Filecontroller.java...
CVE-2022-42147
CVE-2022-42147 affects kkFileView 4.0. The provided documents identify a Cross Site Scripting (XSS) vulnerability via the file controller component named Filecontroller.java. The CVE entry lists a base CVSS v3.1 score of 6.1 (Impact: Confidentiality/Integrity Low, Availability None; Network atta...
CVE-2022-36593
kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java...
Arbitrary file deletion
kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java...
CVE-2022-36593
CVE-2022-36593 affects kkFileView v4.0.0, exposing an arbitrary file deletion vulnerability through the fileName parameter in /controller/FileController.java. The root cause is the unsafe handling of fileName, enabling deletion of arbitrary files. Impact is stated as deletion capability; no fixes...
kkFileView Path Traversal Vulnerability
Keking kkFileView is a Spring Boot project from Keking Technology for online previewing of files and documents. A path traversal vulnerability exists in kkFileView v4.0.0, which is caused by an arbitrary file deletion vulnerability found in the fileName parameter of...
CVE-2021-42967
CVE-2021-42967 affects novel-plus; unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java allows uploading JSP files across all versions. Root cause is lack of file upload restrictions, enabling remote attackers to plant hostile JSPs (impact: part...
Directory traversal
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus 3.5.1 allows attackers to read arbitrary files via the filePath parameter...
NovelPlus Path Traversal Vulnerability
NovelPlus is an open source mobile social application and idea publishing platform. NovelPlus suffers from a path traversal vulnerability that originates in the fileDownload function of com/java2nb/common/controller/FileController.java...