81 matches found
UBUNTU-CVE-2024-43362
Cacti is an open source performance and fault management framework. The fileurl parameter is not properly sanitized when saving external links in links.php . Morever, the said fileurl is placed in some html code which is passed to the print function in link.php and index.php, finally leading to...
PT-2024-7358 · Cacti +1 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.28 Description: The issue is related to the lack of protection of the web page structure in the Cacti network monitoring tool, specifically in the links.php script. This allows a remote attacker to perform cross-si...
CVE-2024-1117
A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The...
CVE-2024-1114
A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. T...
CVE-2024-1114 openBI Screen.php dlfile access control
A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. T...
PT-2024-16784 · Openbi · Openbi
Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8 Description: A critical issue has been found, affecting the dlfile function of the file /application/index/controller/Screen.php. The manipulation of the fileUrl argument leads to improper access controls. The atta...
PT-2024-16797 · Openbi · Openbi
Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8 Description: A critical issue has been found in the function index of the file /application/index/controller/Screen.php. The manipulation of the fileurl argument leads to code injection. This issue can be exploited...
CVE-2023-3121
A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclose...
Dahua Smart Parking Management 代码问题漏洞
Dahua Smart Parking Management is a parking solution from Dahua, China. A code issue vulnerability exists in Dahua Smart Parking Management 20230528 and prior versions, which stems from an issue with unknown code in the file /ipms/imageConvert/image, where manipulation of the parameter fileUrl ca...
CVE-2022-30049
A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...
CVE-2022-30049
A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...
CVE-2022-30049
A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...
CVE-2022-30049
A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...
Rebuild 代码问题漏洞
Rebuild is a highly customizable enterprise management system. A security vulnerability exists in Rebuild version 2.8.3. An attacker can use this vulnerability to obtain a real IP address via the fileurl parameter and scan for Intranet information...
PT-2022-19985 · Rebuild · Rebuild
Name of the Vulnerable Software and Affected Versions: Rebuild version 2.8.3 Description: A Server-Side Request Forgery SSRF issue allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. This enables attackers to access internal network details...
bloofoxCMS path traversal vulnerability (CNVD-2021-41076)
bloofoxCMS is a free open source PHP + MySQL based Web content management system . A path traversal vulnerability exists in the fileurl parameter in bloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability to read local files...
CVE-2020-35762
bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files...
Path traversal
bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files...
CVE-2020-35762
bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files...