
10 matches found

Snyk
added 2026/05/08 11:33 p.m. | 5 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in validatefilepath in viewcomponentssystemtestcontroller.rb, which is accessible via the system test entrypoint. An attacker with access to this endpoint, which is mounted in Rails.env.test?, can read files in a...

CVSS 7.5 | AI score 6.3 | EPSS 0.00015
Exploits: 1 | References: 2
ATTACKERKB
added 2026/02/03 12:0 a.m. | 4 views

CVE-2025-70758

chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/authvalidate.php. The application sends an HTTP redirect via headerLocation:login.php when a user is not authenticated but fails to call exit afterward. This allows remote...

AI score 5.5 | EPSS 0.00052
Exploits: 0 | References: 3
Patchstack
added 2025/03/26 7:1 p.m. | 4 views

WordPress Product Import Export for WooCommerce plugin <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function vulnerability

Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function vulnerability discovered by HayMiz in WordPress Plugin Product Import Export for WooCommerce versions <= 2.5.0...

CVSS 7.6 | AI score 7.1 | EPSS 0.00072
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/03/26 11:55 a.m. | 8 views

CVE-2025-1912 Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validate_file Function. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 7.6 | EPSS 0.00072
Exploits: 0 | References: 4
CNNVD
added 2025/03/26 12:0 a.m. | 3 views

WordPress plugin Product Import Export for WooCommerce code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

CVSS 7.6 | AI score 8.6 | EPSS 0.00072
Exploits: 0 | References: 4
OSV
added 2025/03/20 12:15 p.m. | 2 views

CVE-2024-13923

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web...

CVSS 6.5 | AI score 5.8 | EPSS 0.0011
Exploits: 0 | References: 4
Cvelist
added 2025/03/20 11:11 a.m. | 13 views

CVE-2024-13923 Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web...

CVSS 7.6 | EPSS 0.0011
Exploits: 0 | References: 4
CVE
added 2025/03/20 11:11 a.m. | 59 views

CVE-2024-13923

CVE-2024-13923 : The Order Export & Order Import for WooCommerce WordPress plugin is vulnerable to Server-Side Request Forgery via the validate_file() function in all versions up to and including 2.6.0. Exploitation requires authenticated Administrator-level access or higher and allows web reques...

CVSS 7.6 | AI score 7.2 | EPSS 0.0011
Exploits: 0 | References: 4 | Affected Software: 1
CNVD
added 2019/07/11 12:0 a.m. | 2 views

Eventum Cross-Site Scripting Vulnerability (CNVD-2019-39386)

Eventum is a defect tracking system. The system is used to track inbound technical support, organizational tasks, bugs, etc. A cross-site scripting vulnerability exists in the /htdocs/validate.php file in Eventum version 3.5.0. The vulnerability stems from a lack of proper validation of client-si...

CVSS 6.1 | AI score 6.4 | EPSS 0.0024
Exploits: 0 | References: 1
OSV
added 2011/09/24 12:55 a.m. | 1 views

UBUNTU-CVE-2011-3825

Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files...

CVSS 5 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 2