19 matches found
Exploit for CVE-2026-37071
CVE-2026-37071 Arbitrary File Rename Leading to Privilege Esca...
Incorrect Authorization
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Incorrect Authorization through insufficient authorization checks in the renameFile process. An attacker can modify file names and...
Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders
Summary modules/documents-files.php mode filerenamesave shares the same root-cause shape as the cross-folder move bug 05-documents-cross-folder-move-idor.md: the top-level rights check at lines 79-89 validates hasUploadRight on the URL parameter folderuuid, but the rename operation acts on fileuu...
PT-2026-45040
Summary modules/documents-files.php mode file rename save shares the same root-cause shape as the cross-folder move bug 05-documents-cross-folder-move-idor.md: the top-level rights check at lines 79-89 validates hasUploadRight on the URL parameter folder uuid, but the rename operation acts on fil...
PT-2026-41769
Summary The Fileeditor module enforces an extension allowlist 'css','js','html','txt','json','sql','md' on content-write operations saveFile, createFile, but two destructive endpoints — deleteFileOrFolder and renameFile — never validate the extension of the source path. A backend user with...
CVE-2026-8272
CVE-2026-8272 affects D-Link DNS-320 firmware 2.06B01 and targets the webfile_mgr.cgi component. The vulnerability arises from manipulation of file operations (delete/rename/copy/move/chmod/chown), enabling OS command injection via remote input. Publicly released exploit details exist, and exploi...
PT-2026-33774
Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers can prepend a GIF8...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001203)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001203 advisory. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4xattrsetentry function and a denial of service or unspecified...
EUVD-2025-201594
A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAMEFILE/OPERATEFILE/NGNIXUPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-14184
A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAMEFILE/OPERATEFILE/NGNIXUPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-14184
CVE-2025-14184 affects SGAI Space1 NAS N1211DS (firmware up to 1.0.915). The gsaiagent component exposes a vulnerability in the /cgi-bin/JSONAPI handling of RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD that enables command injection. The issue can be triggered remotely; public disclosure of the exploit ...
PT-2023-32849 · Unknown · Codelyfe Stupid Simple Cms
Name of the Vulnerable Software and Affected Versions: codelyfe Stupid Simple CMS versions up to 1.2.4 Description: A critical issue has been found in the software, affecting some unknown functionality of the file /file-manager/rename.php. The manipulation of the newName argument leads to path...
CuteEditor for PHP 6.6 - Directory Traversal Vulnerability
Exploit Title: CuteEditor for PHP 6.6 - Directory Traversal Exploit Author: Stefan Hesselman Vendor Homepage: http://phphtmledit.com/ Software Link: http://phphtmledit.com/download/phphtmledit.zip Version: 6.6 Tested on: Windows Server 2019 CVE : N/A There is a path traversal vulnerability in the...
Path traversal
Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence ../ via the POST parameter imgName for the new name and imgUrl for the current file to be renamed...
CVE-2019-11230
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename...
CVE-2019-7174
Roxy Fileman 1.4.5 allows attackers to execute renamefile.php aka Rename File, createdir.php aka Create Directory, fileslist.php aka Echo File List, and movefile.php aka Move File operations...
gausCMS - Multiple Vulnerabilities
No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub-21-gauscms-multiple-vulnerabilities/ ''' Abysssec Inc Public Advisory Title : gausCMS Multiple...
execution of javascript from filename
Steps to replicate: Add an attachment Rename the file to ".txt" Copy its remove link and open the link in a new browser window Result: The JavaScript code is executed, rather than showing the "proceed w/ deletion" screen. Everything works normally if you just click the delete button rather than...
gausCMS - Multiple Vulnerabilities
''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub-21-gauscms-multiple-vulnerabilities/ ''' Abysssec Inc Public Advisory Title : gausCMS Multiple Vulnerabilities Affected Version : Gaus CMS...