16 matches found
CVE-2022-0377
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...
CVE-2022-0377
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...
CVE-2022-0377
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...
CVE-2022-0377 LearnPress < 4.1.5 - Arbitrary Image Renaming
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...
CVE-2022-0377
Affected software: WordPress LearnPress plugin prior to version 4.1.5. Vulnerability: An arbitrary image rename during profile avatar handling. After uploading and cropping, a POST contains the user-supplied image name; the server renames the file using an MD5 value, allowing an attacker to renam...
Wordpress Plugin Learnpress Encryption Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An encryption issue vulnerability...
WordPress Learnpress 4.1.4.1 Arbitrary Image Renaming
Exploit Title: WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming Date: 08-01-2022 Exploit Author: Ceylan Bozogullarindan Author Webpage: https://bozogullarindan.com Vendor Homepage: https://thimpress.com/ Software Link: https://thimpress.com/learnpress-plugin/ Version: 4.1.4.1 Tested...
WordPress Learnpress 4.1.4.1 Plugin - Arbitrary Image Renaming Vulnerability
Exploit Title: WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming Exploit Author: Ceylan Bozogullarindan Author Webpage: https://bozogullarindan.com Vendor Homepage: https://thimpress.com/ Software Link: https://thimpress.com/learnpress-plugin/ Version: 4.1.4.1 Tested on: Linux CVE:...
WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming
Exploit Title: WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming Date: 08-01-2022 Exploit Author: Ceylan Bozogullarindan Author Webpage: https://bozogullarindan.com Vendor Homepage: https://thimpress.com/ Software Link: https://thimpress.com/learnpress-plugin/ Version: 4.1.4.1 Tested...
LearnPress < 4.1.5 - Arbitrary Image Renaming
Users of the plugin can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request,...
WordPress LearnPress plugin <= 4.1.4.1 - Arbitrary Image Renaming vulnerability
Arbitrary Image Renaming vulnerability discovered by Ceylan Bozogullarindan in WordPress LearnPress plugin versions <= 4.1.4.1. Solution: Update the WordPress LearnPress plugin to the latest available version, at least 4.1.5...
LearnPress < 4.1.5 - Arbitrary Image Renaming
Users of the plugin can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request,...
Chadha PHPKB path traversal vulnerability (CNVD-2020-18319)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A path traversal vulnerability exists in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9. An attacker...
Path traversal
Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence ../ via the POST parameter imgName for the new name and imgUrl for the current file to be renamed...
File Renaming Vulnerability in HAIRUICMS v2.1.4 /FileManage/fsorename.asp File
HAIRUICMS is developed by HAIRUICMS based on Microsoft ASP and a general ACCESS/MSSQL database. A file renaming vulnerability exists in the HAIRUICMS v2.1.4 /FileManage/fsorename.asp file. The vulnerability is caused by not filtering the file name suffix, resulting in the image can be...
Mandriva Update for gwenview MDKA-2007:087 (gwenview)
Check for the Version of gwenview. OpenVAS Vulnerability Test: Mandriva Update for gwenview MDKA-2007:087 gwenview. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...