
16 matches found

EUVD
added 2026/03/08 9:30 a.m. · 1 view

EUVD-2026-10220

A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such manipulation leads to improper neutralization of special elements used in a template engine. The...

7.2 CVSS · 5.4 AI score · 0.00978 EPSS
Exploits 1 · References 5

CNNVD
added 2025/05/31 12:00 a.m. · 3 views

JeeWMS Path Traversal Vulnerability

JeeWMS is a Java-based warehouse management system from China Huayi JeeWMS. JeeWMS 20250504 and earlier versions contain a path traversal vulnerability, which stems from the function doAdd of the file /cgformTemplateController.do?doAdd, where there is a path traversal...

9.8 CVSS · 6.5 AI score · 0.00551 EPSS
Exploits 0 · References 5

RedhatCVE
added 2025/05/23 6:16 a.m. · 0 views

CVE-2024-48235

An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file...

6.5 CVSS · 6.2 AI score · 0.00462 EPSS
Exploits 1 · References 1

OSV
added 2025/05/05 3:15 a.m. · 0 views

CVE-2025-4260

A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be...

8.3 CVSS · 4.8 AI score · 0.00269 EPSS
Exploits 1 · References 4

CNNVD
added 2025/05/05 12:00 a.m. · 2 views

youkefu Code Issue Vulnerability

youkefu is a customer service support application by the individual developer zhangyanbo2007. A code issue vulnerability exists in youkefu version 4.2.0 and earlier, which stems from improper handling of the parameter dataFile in the file m\web\handler\admin\system\TemplateController.java, which could...

8.3 CVSS · 5 AI score · 0.00269 EPSS
Exploits 1 · References 5

OSV
added 2024/12/09 1:15 a.m. · 0 views

CVE-2024-12350

A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...

8.8 CVSS · 5.6 AI score · 0.02868 EPSS
Exploits 1 · References 4

CVE
added 2024/12/09 12:31 a.m. · 48 views

CVE-2024-12350

The CVE-2024-12350 entry concerns JFinalCMS 1.0, specifically the Template Handler’s update function in TemplateController.java. The vulnerability stems from manipulation of the content argument, enabling a command injection that can be triggered remotely, with exploits disclosed publicly. Remedi...

8.8 CVSS · 6.9 AI score · 0.02868 EPSS
Exploits 1 · References 4 · Affected Software 1

CNNVD
added 2024/12/09 12:00 a.m. · 1 view

JFinalCMS Security Vulnerability

JFinalCMS is a content management system by the individual developer heyewei. A security vulnerability exists in JFinalCMS version 1.0, which originates from a command injection vulnerability in the content parameter of the \src\main\java\com\cms\controller\admin\TemplateController.java file of the Template...

8.8 CVSS · 6.8 AI score · 0.02868 EPSS
Exploits 1 · References 4

CNNVD
added 2024/03/05 12:00 a.m. · 3 views

JeeWMS Security Vulnerabilities

JeeWMS is an open source, Java-based warehouse management system from JeeWMS. A security vulnerability exists in JeeWMS v.3.7 and earlier versions, which stems from allowing remote attackers to obtain sensitive information through the cgformTemplateController component...

7.5 CVSS · 6.5 AI score · 0.00307 EPSS
Exploits 1 · References 2

CNNVD
added 2023/08/11 12:00 a.m. · 1 view

ZrLog Path Traversal Vulnerability

ZrLog is a blogging system developed using the Java language. A directory traversal vulnerability exists in ZrLog version 2.1.15, which stems from a lack of validity checking of paths in the admin.api.TemplateController deletion function when processing directory requests, and can be exploited by...

9.1 CVSS · 7 AI score · 0.01104 EPSS
Exploits 1 · References 2

Positive Technologies
added 2023/05/27 12:00 a.m. · 3 views

PT-2023-22228 · Jizhicms · Jizhicms

Name of the Vulnerable Software and Affected Versions: JIZHICMS version 2.4.5
Description: A critical issue has been found, affecting the index function of the TemplateController.php file. The manipulation of the webapi argument leads to server-side request forgery, allowing for remote attacks...

9.8 CVSS · 7.2 AI score · 0.00095 EPSS
Exploits 1 · References 6

Positive Technologies
added 2023/03/06 12:00 a.m. · 3 views

PT-2023-16811 · Fastcms · Fastcms

Name of the Vulnerable Software and Affected Versions: fastcms affected versions not specified
Description: A problematic vulnerability has been found in fastcms, affecting an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path...

7.2 CVSS · 5.1 AI score · 0.00635 EPSS
Exploits 1 · References 7

OSV
added 2022/06/09 2:15 p.m. · 0 views

CVE-2022-31390

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php...

9.1 CVSS · 7.3 AI score
Exploits 0 · References 1

CNNVD
added 2022/06/09 12:00 a.m. · 1 view

JIZHICMS Code Issue Vulnerability

JIZHICMS (Extreme CMS) is an open source content management system (CMS) from China's Extreme Networks Technology Company. A security vulnerability exists in JIZHICMS version v2.2.5, which originated from a server-side request forgery (SSRF) vulnerability discovered through...

9.1 CVSS · 8.3 AI score · 0.00292 EPSS
Exploits 1 · References 2

OSV
added 2021/03/29 9:15 p.m. · 0 views

CVE-2021-27272

This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

7.1 CVSS · 5.9 AI score
Exploits 0 · References 2

OSV
added 2019/03/06 10:29 p.m. · 0 views

CVE-2019-9611

An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?respath=res directory traversal, with ../ in the dir parameter, to write arbitrary content in the filecontent parameter into an arbitrary file specified by the filename parameter. This is related to the...

6.5 CVSS · 6.7 AI score · 0.00372 EPSS
Exploits 1 · References 1