5 matches found
CVE-2025-12182
The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...
Acquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONTRIB-2024-025
Acquia DAM provides a connection to a third-party asset management system, allowing for images to be managed, linked to, and viewed from Drupal. In order for assets to be managed in Drupal, a site administrator must first authenticate the site to their DAM instance. The module doesn't sufficientl...
BloofoxCMS Directory Traversal Vulnerability
bloofoxCMS is a free open source PHP + MySQL based Web content management system . A directory traversal vulnerability exists in bloofoxCMS 0.5.2.1. An attacker can exploit this vulnerability by using the admin/index.php?mode=tools&page=upload URI to upload any .php file to . /media/images/...
Directory traversal
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files with "Content-Type: application/octet-stream" to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal...
BloofoxCms 路径遍历漏洞
bloofoxCMS is a free open source PHP + MySQL based Web content management system . A directory traversal vulnerability exists in bloofoxCMS 0.5.2.1. An attacker can exploit this vulnerability by using the admin/index.php?mode=tools&page=upload URI to upload any .php file to . /media/images/...