7 matches found
9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover
The /api/settings/database endpoint allows full database export containing all credentials, API keys, OAuth tokens, and settings and full database import complete overwrite without any authentication requirement beyond the ALWAYSPROTECTED middleware check, which only validates JWT or CLI token...
CVE-2025-35112
CVE-2025-35112 describes an XML External Entities path-traversal vulnerability in Agiloft Release 28, exploitable via any table that allows import/export. An authenticated attacker can import a template file and traverse local system files. The issue is caused by improper handling of XML entities...
PT-2025-34818 · Agiloft · Agiloft
Name of the Vulnerable Software and Affected Versions: Agiloft versions prior to 31 Description: Agiloft Release 28 contains an XML External Entities issue in any table that allows 'import/export'. An authenticated attacker can import a template file and perform path traversal on local system...
CVE-2025-3919 WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savesettings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings...
CVE-2025-25279 Arbitrary file read in Mattermost Boards via import & export board archive
Mattermost versions 10.4.x = 10.4.1, 9.11.x = 9.11.7, 10.3.x = 10.3.2, 10.2.x = 10.2.2 fail to properly validate board blocks when importing boards which allows an attacker could read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards...
IBM Db2 信息泄露漏洞
IBM Db2 is a relational database management system from International Business Machines IBM. The system executes on UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from an information disclosure vulnerability that originates when ADMINCMD is used in conjunction with IMPORT o...
Portal Apache Jetspeed 2.3.0 and earlier versions: a remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
! As my personal“friendship detect open source software security”one of the projects I'm ready to play play the Apache Jetspeed 2, which v2. 3 0 one. Jetspeed this stuff, used those words, that is: “An open portal platform and enterprise information portal, completely based on open standards,...