303 matches found
CVE-2024-8581 Path Traversal in parisneo/lollms-webui
A vulnerability in the uploadapp function of parisneo/lollms-webui V12 Strawberry allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the filename value, causing a Path Traversal error...
WordPress File Away plugin <= 3.9.9.0.1 - Missing Authorization to Unauthenticated File Upload via upload Function vulnerability
Missing Authorization to Unauthenticated File Upload via upload Function vulnerability discovered by Sélim Lanouar whattheslime in WordPress Plugin File Away versions <= 3.9.9.0.1...
CVE-2025-2196
A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scriptin...
CVE-2025-2196 MRCMS org.marker.mushroom.controller.FileController upload.do upload cross site scripting
A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scriptin...
PT-2025-10757 · Mrcms · Mrcms
Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A vulnerability was found in the function upload of the file "/admin/file/upload.do" of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross-site...
Keysight Ixia Vision Path Traversal Vulnerability
Keysight Ixia Vision is a series of network packet proxies from Keysight, Inc. A path traversal vulnerability exists in Keysight Ixia Vision version 6.3.1, which stems from the fact that path traversal in combination with the upload function could lead to remote code execution...
CVE-2024-46226
A stored cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket...
CVE-2022-25037
An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function...
CVE-2022-25038
wanEditor v4.7.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the video upload function...
CVE-2025-1113 taisan tarzan-cms Add Theme admin#themes upload deserialization
A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /adminthemes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been...
PT-2025-6008 · Unknown · Taisan Tarzan-Cms
Name of the Vulnerable Software and Affected Versions: taisan tarzan-cms versions up to 1.0.0 Description: This issue affects the function upload of the file "/adminthemes" of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely...
CVE-2024-40513
An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function...
CVE-2024-54687
Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php...
SpringBoot-Blog Code Issue Vulnerability
SpringBoot-Blog is a Java blog system for wand individual developers. A code issue vulnerability exists in SpringBoot-Blog version 1.0, which stems from the upload function in file src/main/java/com/my/blog/website/controller/admin/AttachtController.java that can lead to unrestricted uploads...
PT-2024-17611 · Unknown · Invoiceplane
Name of the Vulnerable Software and Affected Versions: InvoicePlane versions up to 1.6.1 Description: A critical vulnerability affects the upload file function of the file "/index.php/upload/upload file/1/1". The manipulation of the file argument leads to unrestricted upload. The attack can be...
CVE-2024-52958 iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature
An improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function...
InstantCMS Cross-Site Scripting Vulnerability
InstantCMS is a free and open source CMS. A cross-site scripting vulnerability exists in InstantCMS before version 2.16.3, which stems from the lack of effective filtering and escaping of user-supplied data in the photo upload function of the album page, and can be exploited by an attacker to...
PT-2024-33023 · Icecms · Icecms
Name of the Vulnerable Software and Affected Versions: icecms versions 3.4.7 and earlier Description: The issue is related to a File Upload vulnerability. It affects the uploadFile function in FileUtils.java. Recommendations: For versions 3.4.7 and earlier, update to a version later than 3.4.7 to...
PT-2024-7552 · Unknown · Gaizhenbiao/Chuanhuchatgpt
Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt affected versions not specified Description: A path traversal vulnerability exists due to unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specificall...