Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.12 views

CVE-2026-47346

Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

7.6CVSS6AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-12697

Malware in sbrugna...

7.5CVSS7.5AI score0.01388EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-13032

Malware in sbrugna...

7.5CVSS7.6AI score0.01208EPSS
Exploits1References2
CNVD
CNVD
added 2019/01/15 12:0 a.m.3 views

DedeCMS Arbitrary PHP Code Execution Vulnerability (CNVD-2019-04908)

Desdev DedeCMS Dream Weaving Content Management System is China's Zhuozhuo network Desdev Technology Co., Ltd. of a set of open-source set of content publishing, editing, management and retrieval is equal to one of the PHP Web site content management system CMS. A security vulnerability exists in...

8.8CVSS7.4AI score0.01929EPSS
Exploits0References1
OSV
OSV
added 2018/12/26 3:29 a.m.3 views

CVE-2018-20478

An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value...

7.5CVSS5.8AI score0.01208EPSS
Exploits1References1
OSV
OSV
added 2018/12/13 8:29 a.m.3 views

CVE-2018-20127

An issue was discovered in zzzphp cms 1.5.8. delfile in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because for example "php" is blocked but path=F:/1.phP. succeeds...

7.5CVSS5.9AI score0.01388EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2015/07/01 12:0 a.m.28 views

FreeBSD : wesnoth -- disclosure of .pbl files with lowercase, uppercase, and mixed-case extension (2a8b7d21-1ecc-11e5-a4a5-002590263bf5)

Ignacio R. Morelle reports : As mentioned in the Wesnoth 1.12.4 and Wesnoth 1.13.1 release announcements, a security vulnerability targeting add-on authors was found bug 23504 which allowed a malicious user to obtain add-on server passphrases from the client's .pbl files and transmit them over th...

4.3CVSS5AI score0.01715EPSS
Exploits0References5
Rows per page
Query Builder