CVE-2025-11908

A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out...

CVE-2024-8409 ABCD ABCD2 show_image.php path traversal

A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This affects an unknown part of the file /common/showimage.php. The manipulation of the argument image leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has...

CVE-2024-3218

A vulnerability classified as critical has been found in Shibang Communications IP Network Intercom Broadcasting System 1.0. This affects an unknown part of the file /php/busyscreenshotpush.php. The manipulation of the argument jsondatacallee/jsondataimagename leads to path traversal: '../filedir...

CVE-2024-3218

The CVE-2024-3218 entry affects Shibang Communications IP Network Intercom Broadcasting System v1.0, specifically the /php/busyscreenshotpush.php endpoint. The vulnerability arises from path traversal via manipulation of jsondata[callee]/jsondata[imagename] to escalate outside the intended direct...

PT-2024-15122 · Biges Safe Life Technologies Electronics Inc · Vguard

Name of the Vulnerable Software and Affected Versions: Biges Safe Life Technologies Electronics Inc. VGuard versions prior to V500.0003.R008.4011.C0012.B351.C Description: The issue is related to a Path Traversal vulnerability, specifically an Absolute Path Traversal, which can be exploited using...

CVE-2024-0354

A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploi...

Path traversal

A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The explo...

Path traversal

A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/deletefile. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to...

CVE-2023-3240

CVE-2023-3240 affects OTCMS up to version 6.62, involving an issue in the file usersNews_deal.php where manipulating the file parameter enables path traversal via '../filedir'. Public exploitation has been disclosed. The vulnerability is described as a path traversal exposure; no remediation deta...

PT-2023-22787 · Yfcmf · Yfcmf

Name of the Vulnerable Software and Affected Versions: YFCMF versions up to 3.0.4 Description: A vulnerability has been found that affects unknown code in the file index.php, leading to path traversal. The manipulation can be initiated remotely, using '../filedir' to traverse paths. The exploit h...

CVE-2023-1398

A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the publi...

PT-2023-16955 · Unknown · Xiaobingby Teacms

Name of the Vulnerable Software and Affected Versions: XiaoBingBy TeaCMS version 2.0 Description: A critical vulnerability was found in XiaoBingBy TeaCMS, affecting an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '../filedir'. The attack can be launch...

CVE-2014-125033 rails-cv-app uploaded_files_controller.rb path traversal

A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploadedfilescontroller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been...

SeaCMS Arbitrary File Deletion Vulnerability (CNVD-2018-20079)

SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 6.64. A remote attacker can exploit the vulnerability to delete arbitrary files with the hel...

CVE-2018-17365

SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter...

CVE-2018-17365

SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter...