6 matches found
CVE-2024-46101
GDidees CMS = v3.9.1 has a file upload vulnerability...
CVE-2023-27179
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /_admin/imgdownload.php...
CVE-2023-27179
GDidees CMS v3.9.1 and earlier exposes an arbitrary file download via the filename parameter on /_admin/imgdownload.php. Affected component is the imgdownload logic; the vulnerability occurs from unsanitized filename input and lack of proper admin session checks, enabling potential retrieval of a...
CVE-2019-12215
A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this...
CVE-2018-15716
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root...
CVE-2018-15716
NUUO NVRMini2 version 3.9.1 is vulnerable to an authenticated command injection via upgrade_handle.php, allowing OS command execution as root. Exploitation details and PoCs are present in multiple sources (PacketStorm, Exploit-DB; authenticated flow shown). The advisory recommends upgrading to ve...