4 matches found
PT-2025-52069
Name of the Vulnerable Software and Affected Versions AncoraThemes Integro versions through 1.8.0 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion ...
CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server...
CVE-2022-44006
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by...
Online Fire Reporting System 安全漏洞
Online Fire Reporting System is an online fire reporting system from Carlo Montero's personal developer. v1.0 of Online Fire Reporting System is vulnerable to an arbitrary file deletion vulnerability, which originates in /ofrs/classes/Master.php?f= deleteimg lacks valid validation for filenames,...