5 matches found
CVE-2026-33484 Langflow has Unauthenticated IDOR on Image Downloads
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...
EUVD-2023-60210
SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands...
CVE-2023-53921
SitemagicCMS 4.4.3 is affected by a remote code execution vulnerability via unrestricted file upload. The issue allows uploading a .phar file containing a system command execution payload into the files/images directory, enabling attackers to execute arbitrary commands on the hosting system. Docu...
CVE-2023-53921 SitemagicCMS 4.4.3 Remote Code Execution via Unrestricted File Upload
SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands...
DownloadFile - Critical - Unsupported - SA-CONTRIB-2017-023
DownloadFile is a module to direct download files or images. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466...