CVE-2026-4350 Perfmatters <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter

The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...

CVE-2005-1917

kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file...

CVE-2005-1576

The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files...

CVE-2018-18626

An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database=del" sql parameter because delaction in admin/model/database.class.php mishandles this parameter...

CVE-2016-10775

cPanel before 60.0.25 allows arbitrary file-chown operations via reassignpostterminatecruft SEC-173...

CVE-2016-10829

cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error SEC-99...

CVE-2016-10785

cPanel before 60.0.25 allows attackers to discover file contents during file copy operations SEC-185...

CVE-2016-10794

cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error SEC-154...

CVE-2016-10798

cPanel before 58.0.4 allows a file-ownership change to nobody via rearrangeacct SEC-134...

CVE-2022-23700

A local unauthorized read access to files vulnerability was discovered in HPE OneView versions: Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView...

CVE-2017-18405

cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic SEC-345...

CVE-2019-11624

doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote background administrator privilege user can exploit this vulnerability to delete arbitrary files...

CVE-2020-7478

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS Versions 14 and prior using the service: IGSSupdate, which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update...

CVE-2020-12443

BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename lowercase value can be a .pdf filename while the presFilename mixed case value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to...

CVE-2024-39036

SeaCMS v12.9 is vulnerable to Arbitrary File Read via adminsafe.php...

CVE-2023-25606

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-23 in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the...

CVE-2021-41151

Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a...

CVE-2024-39688

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...

CVE-2021-41152

OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere o...

CVE-2022-33166

IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586...