CVE-2025-1791 Zorlan SkyCaiji Tool.php fileAction unrestricted upload

A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This vulnerability affects the function fileAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument savedata leads to unrestricted upload. The attack can be initiated...

CVE-2025-1791 Zorlan SkyCaiji Tool.php fileAction unrestricted upload

A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This vulnerability affects the function fileAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument savedata leads to unrestricted upload. The attack can be initiated...

PT-2025-9182 · Unknown · Zorlan Skycaiji

Name of the Vulnerable Software and Affected Versions: Zorlan SkyCaiji version 2.9 Description: A critical vulnerability was found in Zorlan SkyCaiji, affecting the previewAction function of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the data argument leads to...

CVE-2017-16514

Multiple persistent stored Cross-Site-Scripting XSS vulnerabilities in the files /wb/admin/admintools/tool.php Droplet Description and /install/index.php Site Title in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in t...

Cross site scripting

WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=usersearch...