3 matches found
CVE-2025-57633
A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...
BloofoxCms 跨站脚本漏洞
BloofoxCms is a Php-based text content management system from alexlang24 personal developer. bloofoxCMS suffers from a cross-site scripting vulnerability that stems from the lack of user-supplied data and output data validation filtering in the file and type parameters in index.php. An attacker...
PT-2019-14912 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8 Description: The issue concerns an unsanitized file variable in the filedelete.php file, which is reflected in HTML. This leads to a potential XSS issue. Recommendations: For FusionPBX versions prior to 4.5.8...