7 matches found
GHSA-X628-457G-2PW9 Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders
Summary: `modules/documents-files.php` gates state-changing modes by checking that the actor has `hasUploadRight` on the URL parameter `folder_uuid`. The `move_save` handler then operates on a separate URL parameter `file_uuid` and calls `File::moveToFolder($destFolderUUID)`. `File::moveToFolder` checks the upload...
Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders
Summary: `modules/documents-files.php` gates state-changing modes by checking that the actor has `hasUploadRight` on the URL parameter `folder_uuid`. The `move_save` handler then operates on a separate URL parameter `file_uuid` and calls `File::moveToFolder($destFolderUUID)`. `File::moveToFolder` checks the upload...
PT-2026-45041
Summary: `modules/documents-files.php` gates state-changing modes by checking that the actor has `hasUploadRight` on the URL parameter `folder_uuid`. The `move_save` handler then operates on a separate URL parameter `file_uuid` and calls `File::moveToFolder($destFolderUUID)`. `File::moveToFolder` checks the uploa...
CVE-2023-29586
Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can...
PT-2023-22325 · Codesector · Teracopy
Name of the Vulnerable Software and Affected Versions: Code Sector TeraCopy version 3.9.7 Description: The issue arises from improper access validation on the source folder during a copy operation, leading to Arbitrary File Read. This allows any user to copy any directory in the system to a...
Code Sector TeraCopy Security Vulnerability
Code Sector TeraCopy is Code Sector's free file transfer program designed to replace the built-in Windows Explorer file transfer feature. A security vulnerability exists in Code Sector TeraCopy version 3.9.7, which originates from the fact that proper access validation is not performed on the...
Pragyan CMS 2.6.2 (sourceFolder) Remote File Inclusion Vulnerability
No description provided by source. In The Name Of GOD ------------------------------------------------------------- - Persian Boys Hacking Team -:- 2008 - - discovered by N3TR00T3R at Y! dot com - pragyan 2.6.2 Remote File Inclusion - download...