5 matches found
CVE-2024-3318
A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access files uploaded for other sources...
CVE-2024-10098
Summary of CVE-2024-10098 (ApplyOnline – WordPress) : The ApplyOnline WordPress plugin, prior to version 2.6.3, does not protect files uploaded during the application workflow. This allows unauthenticated users to access uploaded files and any private information they contain. Affected software: ...
PT-2022-15804 · Unknown · Tiny File Manager
Name of the Vulnerable Software and Affected Versions: Tiny File Manager version 2.4.8 Description: The issue allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files...
SilverStripe Code Issues Vulnerabilities
SilverStripe is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. The system has support for multiple languages , cross-platform and other features . SilverStripe 4.5 and previous versions of a security vulnerability . An attacker can...
Files uploaded by anonymous users into a private file system can be accessed by other anonymous users
More info at https://www.drupal.org/SA-CORE-2017-003...