CVE-2024-8941

CVE-2024-8941 affects Scriptcase v9.4.019. A path traversal flaw exists in /scriptcase/devel/compat/nm_edit_php_edit.php via the subpage parameter (and the POST field_file) that can allow unauthenticated remote users to bypass SecurityManager and list/read a parent directory. Impact stated in sou...

CVE-2024-8940

CVE-2024-8940 affects Scriptcase v9.4.019. The issue is an arbitrary file upload via POST to /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ caused by improper input verification. Impact is high (potential for full-server compromise) as indicated by CVSS scores (base 9.8–...

CVE-2024-8940 Unrestricted Upload of File with Dangerous Type vulnerability on Scriptcase

Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jqueryplugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly...

CVE-2024-8940 Unrestricted Upload of File with Dangerous Type vulnerability on Scriptcase

Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jqueryplugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly...

PT-2024-39326 · Unknown · Scriptcase

Name of the Vulnerable Software and Affected Versions: Scriptcase version 9.4.019 Description: A path traversal issue exists in Scriptcase, allowing unauthenticated remote users to bypass intended restrictions and list or read a parent directory. This is achieved via the "subpage" parameter in th...

PT-2024-39325 · Unknown · Scriptcase

Name of the Vulnerable Software and Affected Versions: Scriptcase version 9.4.019 Description: The issue involves the arbitrary upload of a file via "/scriptcase/devel/lib/third/jquery plugin/jQuery-File-Upload/server/php/" via a POST request. An attacker could upload malicious files to the serve...

CVE-2022-32199

dbconvert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter...

CVE-2022-32199

dbconvert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter...

Directory traversal

dbconvert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter...

PT-2023-13059 · Unknown · Scriptcase

Name of the Vulnerable Software and Affected Versions: ScriptCase versions 9.9.008 and earlier Description: The issue allows for Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter. This can be exploited through the db convert.php file. Recommendations: Fo...

CVE-2022-32199

dbconvert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter...

ScriptCase 路径遍历漏洞

NETMAKE SOLUÇÕES EM INFORMÁTICA LTDA ScriptCase is a professional and efficient PHP rapid code generation and development tool from NETMAKE SOLUÇÕES EM INFORMÁTICA LTDA. A security vulnerability exists in ScriptCase version 9.9.008 and earlier versions, which stems from a directory traversal...

CVE-2022-32199

CVE-2022-32199 affects ScriptCase versions up to 9.9.008, where a directory traversal in the file parameter of db_convert.php enables an admin to perform arbitrary file deletions. Root cause is unvalidated directory traversal allowing deletion of arbitrary files; impact per sources is limited to ...

CVE-2022-32199

dbconvert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter...

Exploit for Path Traversal in Scriptcase

CVE-2022-32199 ScriptCase python CVE-2022-32...

Scriptcase 9.7 Shell Upload

Exploit Title: Scriptcasr 9.7 arbitrary file upload getshell Date: 2022-04-08 Exploit Author: luckyt0mat0 Vendor Homepage: https://www.scriptcase.net/ Software Link: https://www.scriptcase.net/download/ Version: 9.7 Tested on: Windows Server 2019 Proof of Concept: POST...

ScriptCase 8.1.053 - Multiple Vulnerabilities

Exploit for php platform in category web applications + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SCRIPTCASE-PHP-WEB-TOOL-MULTIPLE-VULNERABILITIES.txt + ISR: ApparitionSec Vendor: ================== www.scriptcase.net Product:...

ScriptCase 8.1.053 - Multiple Vulnerabilities

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SCRIPTCASE-PHP-WEB-TOOL-MULTIPLE-VULNERABILITIES.txt + ISR: ApparitionSec Vendor: ================== www.scriptcase.net Product: =================== ScriptCase v8.1.053, v8.1.051, v8.1.43.0...

ScriptCase 8.1.053 - Multiple Vulnerabilities

ScriptCase 8.1.053 - Multiple Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SCRIPTCASE-PHP-WEB-TOOL-MULTIPLE-VULNERABILITIES.txt + ISR: ApparitionSec Vendor: ================== www.scriptcase.net Product:...

ScriptCase CSRF / XSS / SQL Injection

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SCRIPTCASE-PHP-WEB-TOOL-MULTIPLE-VULNERABILITIES.txt + ISR: ApparitionSec Vendor: ================== www.scriptcase.net Product: =================== ScriptCase v8.1.053, v8.1.051, v8.1.43.0...