25 matches found
CVE-2026-3892
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...
EUVD-2026-23935
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...
PT-2026-32096
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic add and topic edit action handlers accept arbitrary user-supplied data arrays from $_REQUEST and store them as postmeta without...
Directory Traversal
Overview: phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Directory Traversal via the index function in MediaBrowserController when the fileRemove action is triggered and user input is concatenated with the...
Directory Traversal
Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Directory Traversal via the index function in MediaBrowserController when the fileRemove action is triggered and user input is concatenated with the...
webTareas Security Vulnerability
webTareas is a web-based open-source collaboration tool developed by luiswang as an individual developer. This product supports features such as project management, error tracking, content management, and meeting management. Version 2.0.p8 of webTareas contains a security vulnerability. This...
CVE-2025-15035
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 vpn modules allows an authenticated adjacent attacker to delete arbitrary server files, leading to possible loss of critical system files and service interruption or degraded functionality. This issue affects Archer AXE75 v1.6: ≤...
PT-2026-1765
Name of the Vulnerable Software and Affected Versions: TP-Link Archer AXE75 versions through build 20250107. Description: An improper input validation issue exists in the vpn modules of TP-Link Archer AXE75. An authenticated attacker in a nearby location can delete arbitrary server files, potentiall...
PT-2025-49258
Name of the Vulnerable Software and Affected Versions: Warehouse Management System version 1.2. Description: The software contains an authenticated arbitrary file deletion issue. The /goods/deleteGoods API endpoint accepts a user-controlled goodsimg parameter. This parameter is directly concatenated...
EUVD-2025-28791
Malicious code in bioql PyPI...
CVE-2025-8141 Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated Arbitrary File Deletion
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteassociatedfiles function in all versions up to, and including, 3.2.4. This makes it possible for unauthenticated attackers to delete arbitrary fil...
CVE-2024-6851
In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...
PYSEC-2024-73
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and dsconfigchatbot.json. This issue arises due to improper validation of file paths, enabling...
PT-2023-27001 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.1.1 Description: The issue allows deletion of files from the server via the CustomerMessage API. There are no known workarounds for this problem. Recommendations: For versions prior to 8.1.1, update to version...
CVE-2022-4101
The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack...
Arbitrary File Deletion Vulnerability in Station Helpers CMS
Station Helpers CMS is an open source CMS dedicated to creating a full-featured ... Station Helpers CMS has an arbitrary file deletion vulnerability; an attacker can exploit the vulnerability by path traversal to delete any file on the server...
Subrion CMS Cross-Site Request Forgery Vulnerability (CNVD-2020-32357)
Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into a website and supports a variety of extensions, plugins and more. A cross-site request forgery vulnerability exists in Subrion CMS version 4.2.1, which can be exploited by a remote...
Arbitrary File Deletion Vulnerability in Fiyocms System
Fiyocms is a free and open source CMS for rapid development of personal and corporate websites and blogging systems. The Fiyocms system has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete any file on the server...
Arbitrary file deletion vulnerability in the PHPSHE mall system 1.7 backend
PHPSHE Mall System V1.7 is an online mall building system based on PHP5.2+/MySQL 5.0+. The PHPSHE Mall System 1.7 backend has an arbitrary file deletion vulnerability. The vulnerability stems from the absence of directory checks; attackers can use the vulnerability to delete any file server...
Arbitrary File Deletion Vulnerability in Frontend of Medical Virtual Simulation Teaching Experiment Platform
The medical virtual simulation teaching experiment platform system is a virtual reality system with computer virtual reality and digital simulation technology at its core, supported by a biosimulation engine, processing factor database, virtual environment interface and other technologies. Medical...