101 matches found
CVE-2024-10161
A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate th...
CVE-2024-10161 PHPGurukul Boat Booking System Update Boat Image Page change-image.php unrestricted upload
A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate th...
CVE-2024-9816 Codezips Tourist Management System change-image.php unrestricted upload
A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be launched remotely...
PT-2024-24473
Name of the Vulnerable Software and Affected Versions Phpgurukul Tourism Management System version 2.0 Description The issue allows for Unrestricted Upload of File with Dangerous Type via the "/tms/admin/change-image.php" API endpoint. When updating a current package, there are no checks for what...
CVE-2018-25094 ระบบบัญชีออนไลน์ Online Accounting System image.php path traversal
A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to...
Adult Video Script 8.2 File Inclusion
Title: Adult Video Script 8.2 RFI/LFI Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 69.032-bit |...
Joomla! com_fabrik 3.9.11 - Directory Traversal
Joomla! com_fabrik 3.9.11 - Directory Traversal Exploit Title: Joomla! com_fabrik 3.9.11 - Directory Traversal Google Dork: inurl:"index.php?option=com_fabrik" Date: 2020-03-30 Exploit Author: qw3rTyTy Vendor Homepage: https://fabrikar.com/ Software Link: https://fabrikar.com/downloads Version: 3.9...
CVE-2013-2631
TinyWebGallery TWG 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twgbrowserx" and "twgbrowsery" in the page image.php...
Path traversal
TinyWebGallery TWG 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twgbrowserx" and "twgbrowsery" in the page image.php...
CVE-2013-2631
The CVE-2013-2631 issue affects TinyWebGallery (TWG) versions
irenevinkenburg.nl XSS vulnerability
Open Bug Bounty ID: OBB-683534. Affected Website: irenevinkenburg.nl. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
Directory traversal
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter...
CVE-2018-16283
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter...
CVE-2018-16283
CVE-2018-16283 affects the WordPress plugin Wechat Broadcast (versions ≤ 1.2.0). The NVD/Nuclei/Exploits describe a Local/Directory Traversal vulnerability in the plugin’s Image.php that reads the GET parameter url without proper sanitization, enabling an attacker to include local or remote files...
WordPress Wechat Broadcast 1.2.0 Plugin - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Author: Manuel Garcia Cardenas Software link: https://es.wordpress.org/plugins/wechat-broadcast/ CVE: N/A Description This bug was found in the file:...
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/wechat-broadcast/ CVE: CVE-2018-16283 Description This bug was found in the file: /wechat-broadcast/wechat/Image.php echo...
WordPress Wechat Broadcast 1.2.0 Local File Inclusion
Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/wechat-broadcast/ CVE: N/A Description This bug was found in the file: /wechat-broadcast/wechat/Image.php echo...