
10 matches found

EUVD
added 5 days ago · 3 views

EUVD-2018-21943

Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensiti...

7.1 CVSS · 5.9 AI score · 0.0004 EPSS
Exploits 0 · References 4
Vulnrichment
added 2026/02/10 5:47 p.m. · 1 views

CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5 CVSS · 5.5 AI score · 0.00087 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2026/02/10 5:47 p.m. · 2 views

CVE-2026-25992

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5 CVSS · 5.5 AI score · 0.00087 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2026/02/10 5:47 p.m. · 4 views

CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5 CVSS · 5.5 AI score · 0.00087 EPSS
Exploits 1 · References 4
Snyk
added 2026/01/28 11:0 p.m. · 3 views

Improper Handling of Case Sensitivity

Overview: Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity via the /api/file/getFile endpoint. An attacker can access sensitive configuration files by submitting mixed-case paths to bypass case-sensitive checks on case-insensitive file systems. Remediation...

8.7 CVSS · 5.9 AI score · 0.00087 EPSS
Exploits 1 · References 2
Positive Technologies
added 2026/01/28 12:0 a.m. · 3 views

PT-2026-7417

Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.5.5 Description: The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems, such as Windows, attackers can bypass these restrictions...

7.5 CVSS · 5.5 AI score · 0.00087 EPSS
Exploits 1 · References 9
Vulnrichment
added 2025/09/19 12:2 p.m. · 5 views

CVE-2025-10709 Four-Faith Water Conservancy Informatization Platform historyDownload.do;otheruserLogin.do;getfile path traversal

A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this issue is some unknown functionality of the file /history/historyDownload.do;otheruserLogin.do;getfile. The manipulation of the argument fileName results in path traversal. The attack can be...

6.9 CVSS · 5.4 AI score · 0.00397 EPSS
Exploits 1 · References 4
OSV
added 2024/05/14 4:17 p.m. · 0 views

CVE-2024-33863

An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 2
Positive Technologies
added 2024/05/14 12:0 a.m. · 3 views

PT-2024-25520 · Linqi · Linqi

Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1 Description: An issue was discovered that leads to an NTLM hash leak. This occurs via the "api/Cdn/GetFile" and "api/DocumentTemplate/GUID" endpoints. Recommendations: For versions prior to 1.4.0.1, update to...

7.5 CVSS · 6.8 AI score · 0.00301 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/12/16 12:0 a.m. · 2 views

PT-2023-32791 · Kalcaddle · Kodexplorer

Name of the Vulnerable Software and Affected Versions: kalcaddle KodExplorer versions up to 4.51.03 Description: A critical issue affects the API Endpoint Handler component, specifically the /index.php?pluginApp/to/yzOffice/getFile file. The manipulation of the path/file argument leads to...

9.8 CVSS · 6.5 AI score · 0.00227 EPSS
Exploits 0 · References 9