7 matches found
PT-2026-45041
Summary: modules/documents-files.php gates state-changing modes by checking that the actor has hasUploadRight on the URL parameter folder uuid. The move save handler then operates on a separate URL parameter file uuid and calls File::moveToFolder($destFolderUUID). File::moveToFolder checks the uploa...
CVE-2026-4347
The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generateuserfilepath' function and the 'movetempfiletouploaddir' function in all versions up to, and including, 5.1.0. This makes it possible for unauthenticated attackers ...
CVE-2018-10521
In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory...
aether
Aether - Adaptive Exploit & Threat Hunting Engine for EVM-base...
CVE-2023-37910
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document can be the use...
PT-2023-24851 · Move · Move
Name of the Vulnerable Software and Affected Versions: MOVE versions 4.10.x and earlier Description: An unquoted Windows search path vulnerability existed in the Windows install service, allowing an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privileg...
BP Group Documents 1.2.1 XSS / CSRF / File Move
Details below. We intended to publish these earlier, but they slipped through the net. The most recent version is 1.5, and all these were reported fixed in 1.2.2. First one: https://security.dxw.com/advisories/stored-xss-vulnerability-in-bp-group-documents-1-2-1/ Details ================ Software...