716 matches found
CVE-2024-24161
MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered...
MRCMS Security Vulnerabilities
MRCMS is a content management system from the individual developers at marker. A security vulnerability exists in MRCMS version 3.0 that stems from not filtering the incoming path parameter...
PT-2024-20305 · Mrcms · Mrcms
Name of the Vulnerable Software and Affected Versions: MRCMS version 3.0 Description: The issue is related to an Arbitrary File Read vulnerability. It affects the /admin/file/edit.do endpoint, where the incoming path parameter is not properly filtered. This allows for unauthorized access to files...
Cross site scripting
Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL...
PT-2024-19641 · Eyoucms · Eyoucms
Name of the Vulnerable Software and Affected Versions: eyoucms version 1.6.5 Description: The issue allows a remote attacker to run arbitrary code via a crafted URL, exploiting a Cross Site Scripting vulnerability in the path parameter. Recommendations: For eyoucms version 1.6.5, consider...
DFIRKuiper Kuiper Path Traversal Vulnerability
DFIRKuiper Kuiper is a digital investigation platform from the individual developers of DFIRKuiper that provides investigative teams and individuals with the ability to parse, search, and visualize collected evidence. A path traversal vulnerability exists in DFIRKuiper Kuiper version 2.3.4, which...
PT-2023-32794 · Unknown · Kodexplorer
Name of the Vulnerable Software and Affected Versions: KodExplorer versions up to 4.51.03 Description: A critical vulnerability was found in the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be...
PT-2023-31617 · Hono · Hono
Name of the Vulnerable Software and Affected Versions: Hono versions prior to 3.11.7 Description: The issue allows clients to override named path parameter values from previous requests when the application is using TrieRouter. This poses a risk that a privileged user may use unintended parameter...
Hono Code Injection Vulnerability
Hono is a web framework written in TypeScript from the Hono community. A code injection vulnerability exists in versions prior to Hono 3.11.7 that stems from the risk that if an application uses TrieRouter, a client may overwrite the value of the named path parameter in a previous request, leadin...
CVE-2023-48928
Franklin Fueling Systems System Sentinel AnyWare SSA version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...
CVE-2023-5974
The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the path parameter...
CVE-2023-4922
The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the path parameter...
Server side request forgery (ssrf)
The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the path parameter...
WordPress plugin WPB Show Core security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-31118 · WordPress · Wpb Show Core
Name of the Vulnerable Software and Affected Versions: WPB Show Core WordPress plugin versions through 2.2 Description: The issue concerns a local file inclusion vulnerability via the path parameter. This allows for potential unauthorized access to sensitive files on the system. Recommendations:...
PT-2023-32453 · WordPress · Wpb Show Core
Name of the Vulnerable Software and Affected Versions: WPB Show Core WordPress plugin versions through 2.2 Description: The issue concerns server-side request forgery (SSRF) via the path parameter. This allows for potentially malicious requests to be made to the server. Recommendations: For WPB Sho...