465 matches found
WordPress plugin WP All Import code injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-23657
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2025-59819
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2025-59819
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2025-59819
The CVE-2025-59819 entries describe an authenticated arbitrary-file-read vulnerability: an attacker can supply a crafted filepath parameter that is mapped to an internal system path, enabling access to arbitrary files. Multiple sources (NVD, Red Hat, CVE list, AttackerKB, etc.) corroborate the sa...
CVE-2025-59819 Authenticated Arbitrary File Read via filepath parameter
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2025-59819
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2025-59819 Authenticated Arbitrary File Read via filepath parameter
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
PT-2026-21002
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2026-2552
A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected...
CVE-2026-2552
ZenTao up to version 21.7.8 is affected by a path traversal in the delete function of editor/control.php (component Committer). Manipulation of the filePath argument enables traversal. Upgrading to version 21.7.9 resolves the issue; the affected component should be upgraded.
CVE-2026-2552 ZenTao Editor control.php delete path traversal
A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected...
CVE-2026-2111
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path traversal. The attack can ...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the filePath argument in the /airag/knowledge/doc/edit component. An attacker can access sensitive files outside the intended directory by supplying crafted input remotely. Details: A Directory Traversal attack al...
CVE-2026-2111 JeecgBoot Retrieval-Augmented Generation edit path traversal
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path traversal. The attack can ...
EUVD-2026-5716
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path traversal. The attack can ...
PT-2026-6919
Name of the Vulnerable Software and Affected Versions: JeecgBoot versions prior to 3.9.0. Description: A path traversal weakness exists in JeecgBoot. This issue affects some unknown functionality of the file /airag/knowledge/doc/edit within the Retrieval-Augmented Generation Module. Manipulation of...
JeecgBoot path traversal vulnerability
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.0 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter “filePath” in the Component...
CVE-2020-37117 jizhiCMS 1.6.7 - Arbitrary File Download
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and downloadurl parameters to trigger...
EUVD-2020-31049
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and downloadurl parameters to trigger...