15 matches found
CVE-2020-37219 Joomla com_fabrik 3.9.11 Directory Traversal via image.php
Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjaxfiles method with path traversal sequences to enumerate files in system directories...
CVE-2025-65791
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...
PT-2026-2381
Name of the Vulnerable Software and Affected Versions: e107 CMS version 3.2.1 Description: e107 CMS version 3.2.1 is affected by multiple cross-site scripting (XSS) issues. A reflected XSS exists in the news comment functionality, triggered when authenticated users interact with the comment form. An...
EUVD-2025-26647
Malicious code in bioql PyPI...
CVE-2025-11103 Projectworlds Online Tours and Travels change-image.php unrestricted upload
A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be initiated remotel...
CVE-2025-9932
The CVE-2025-9932 entry affects PHPGurukul Beauty Parlour Management System version 1.1. The vulnerability concerns an issue in the file /admin/update-image.php where manipulation of the lid parameter enables SQL injection. The attack is stated as remote with a published exploit. Connected source...
PHPGurukul Boat Booking System Code Issue Vulnerability
PHPGurukul Boat Booking System is a boat booking system from PHPGurukul. A code issue vulnerability exists in version 1.0 of the PHPGurukul Boat Booking System, which stems from an unrestricted file upload vulnerability contained in the image parameter of the change-image.php page of the Update...
CVE-2024-32256
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image...
CVE-2024-3227
A vulnerability was found in Panwei eoffice OA up to 9.5. It has been declared as critical. This vulnerability affects unknown code of the file /general/system/interface/themeset/saveimage.php of the component Backend. The manipulation of the argument imagetype leads to path traversal:...
eoffice Security Vulnerability
eOffice is an electronic office system from eOffice Inc. A security vulnerability exists in eoffice OA 9.5 and earlier versions, which originates from a path traversal vulnerability in the file /general/system/interface/themeset/saveimage.php...
PT-2023-10832 · Ckeditor +1 · Ckeditor +1
Name of the Vulnerable Software and Affected Versions: ระบบบัญชีออนไลน์ Online Accounting System versions up to 1.4.0 Description: A problematic issue affects the processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input...
CVE-2016-5766
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly ha...
PT-2009-5272 · Pixaria · Pixaria Gallery
Name of the Vulnerable Software and Affected Versions: Pixaria Gallery versions 2.0.0 through 2.3.5 Description: The issue allows remote attackers to read arbitrary files via a base64-encoded file parameter in the pixaria.image.php file. Recommendations: For Pixaria Gallery versions 2.0.0 through...
PT-2005-4742 · Sapid · Sapid Cms
Name of the Vulnerable Software and Affected Versions: SAPID CMS versions prior to 1.2.3.03 Description: The issue allows remote attackers to bypass authentication by making direct requests to certain files, including insert_file.php, insert_image.php, insert_link.php, insert_qcfile.php, and...