2 matches found
CVE-2018-10523
CMS Made Simple CMSMS through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajaxgettemplates.php, /modules/DesignManager/action.ajaxgetstylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php...
CVE-2019-11626
CVE-2019-11626 affects doorGets 7.0, where routers/ajaxRouter.php exposes a web site physical path via an ajax/index.php?uri=1234\ request. The published sources (NVD, Red Hat, CNVD, CVE lists) describe an information-disclosure vulnerability in doorGets 7.0’s AJAX router, enabling path leakage. ...