2 matches found
CVE-2023-41932
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...
Skyway Web Site Navigation System arbitrary file download and file deletion vulnerability and fix - vulnerability warning - the black bar safety net
Design flaw. Vulnerable file: admin/addata.php. The Backup and Restore Database functions do not check for an administrator login. Look at the code.... case 'down': $filename or message'the file name cannot be empty'; filedown'../data/'.$ filename; break; case 'delete': unlink"../data/$GET'filenames'";...