
15 matches found

EUVD
added 2025/12/05 6:31 p.m. · 2 views

EUVD-2025-201452

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to th...

CVSS 7.5 · AI score 6.2 · EPSS 0.00447
Exploits: 1 · References: 2
OSV
added 2025/12/05 5:16 p.m. · 1 views

CVE-2025-65878

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to th...

CVSS 7.5 · AI score 5.9
Exploits: 0 · References: 1
NVD
added 2025/12/05 5:16 p.m. · 2 views

CVE-2025-65878

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to th...

CVSS 7.5 · EPSS 0.00447
Exploits: 1 · References: 1
CNNVD
added 2024/09/04 12:0 a.m. · 3 views

ABCD2 Security Vulnerability

ABCD2 is an ABCD open source software suite for library and documentation center automation. A security vulnerability exists in ABCD2 2.2.0-beta-1 and earlier versions, which originates in an unknown section of the file /common/showimage.php, where manipulation of the parameter image results in...

CVSS 7.5 · AI score 4.8 · EPSS 0.00837
Exploits: 0 · References: 4
CNNVD
added 2024/05/14 12:0 a.m. · 2 views

TYPO3 Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 CMS, which stems from an inability to correctly encode user control values in file entities, making ShowImageController susceptible to...

CVSS 5.4 · AI score 5.2 · EPSS 0.00634
Exploits: 0 · References: 7
Positive Technologies
added 2024/05/14 12:0 a.m. · 2 views

PT-2024-25814 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.47 ELTS; TYPO3 versions 10.0.0 through 10.4.44 ELTS; TYPO3 versions 11.0.0 through 11.5.36 LTS; TYPO3 versions 12.0.0 through 12.4.14 LTS; TYPO3 versions 13.0.0 through 13.0.0. Description: The issue arises from...

CVSS 5.4 · AI score 6.8 · EPSS 0.00634
Exploits: 0 · References: 9
CVE
added 2024/01/26 11:7 p.m. · 41 views

CVE-2023-52187

CVE-2023-52187 affects the WordPress plugin Image Source Control Lite – Show Image Credits and Captions. Public records indicate the vulnerability is an Exposure of Sensitive Information to an Unauthorized Actor affecting versions from unknown through 2.17.0. The data sources also indicate this vul...

CVSS 7.5 · AI score 7.8 · EPSS 0.00282
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/01/26 11:7 p.m. · 14 views

CVE-2023-52187 WordPress Image Source Control Plugin <= 2.17.0 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through 2.17.0...

CVSS 5.3 · AI score 7.7 · EPSS 0.00282
Exploits: 0 · References: 1
CNVD
added 2015/07/02 12:0 a.m. · 6 views

WordPress Slider Revolution Plugin Directory Traversal Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports personal blog sites set up on servers with PHP and MySQL. Slider Revolution (revslider) is one of its slideshow plugins. A directory traversal vulnerability exists in...

CVSS 5 · AI score 6.9 · EPSS 0.0518
Exploits: 2 · References: 1
0day.today
added 2014/09/17 12:0 a.m. · 63 views

WordPress Theme Marble Arbitrary File Download Vulnerability

Exploit for php platform in category web applications. Exploit Title: WordPress Theme Marble Arbitrary File Download Vulnerability; Exploit Author: NULLPointer; Date: 17/09/2014; Vendor Homepage: http://themeforest.net/item/marble-flat-responsive-creative-wordpress-theme/5896650; Version: 1.1.2...

AI score 7.1
Exploits: 0
Exploit DB
added 2014/09/14 12:0 a.m. · 24 views

WordPress Plugin Wordfence Security - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/69815/info
The Wordfence Security Plugin for WordPress is prone to the following vulnerabilities: 1. Multiple HTML-Injection vulnerabilities; 2. Multiple Security Bypass vulnerabilities. Successful exploits of these issues allow the attacker-supplied HTML and...

AI score 7.4
Exploits: 0
seebug.org
added 2014/09/04 12:0 a.m. · 28 views

Multiple WordPress Themes (admin-ajax.php, img param) - Arbitrary File Download

No description provided by source. WordPress CuckooTap Theme & eShop Arbitrary File Download. Risk: High; CWE number: CWE-200; Author: Hugo Santiago; Contact: [email protected]; Date: 31/08/2014; Vendor Homepage: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405...

AI score 7.1
Exploits: 0
VulnCheck KEV
added 2014/09/03 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2014-9734

Directory traversal vulnerability in the Slider Revolution revslider plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php...

CVSS 5 · AI score 7.4 · EPSS 0.0518
Exploits: 2 · References: 1
VulnCheck KEV
added 2014/09/03 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2015-1579

Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734...

CVSS 5 · AI score 7.4 · EPSS 0.80822
Exploits: 6 · References: 1
exploitpack
added 2014/09/01 12:0 a.m. · 43 views

Multiple WordPress Themes - admin-ajax.php?img Arbitrary File Download

Multiple WordPress Themes - admin-ajax.php?img Arbitrary File Download. WordPress CuckooTap Theme & eShop Arbitrary File Download. Risk: High; CWE number: CWE-200; Author: Hugo Santiago; Contact: [email protected]; Date: 31/08/2014; Vendor Homepage:...

AI score 7.4
Exploits: 0