7 matches found
CVE-2025-14938
The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and including, 2.0.27 via the "listeocorehandledroppedmedia" function. This is due to missing authorization and capability checks on the AJAX endpoint handling file uploads. This...
EUVD-2016-2087
Malware in sbrugna...
CVE-2016-15017
A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address thi...
CVE-2016-15017 fabarea media_upload UploadFileService.php getUploadedFileList pathname traversal
A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address thi...
CVE-2016-15017
CVE-2016-15017 concerns the TYPO3 extension fabarea media_upload, specifically the function getUploadedFileList in Classes/Service/UploadFileService.php. The vulnerability enables pathname traversal due to input handling in that function, with a critical impact reported (C/H/I/A = high). A fixed ...
media_upload path traversal vulnerability
media_upload is a Fluid widget provided for mass uploading media on the front-end using HTML5 technology. A path traversal vulnerability exists in media_upload. An attacker could use this vulnerability to access files and directories stored outside of the web root folder...
Unrestricted file upload
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/mediaupload and fm/move...