2 matches found
CVE-2026-48944
The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...
PT-2024-17026 · 115Cms · 115Cms
Name of the Vulnerable Software and Affected Versions: 115cms versions up to 20240807 Description: A vulnerability was found in the processing of the file /app/admin/view/web user.html, where the manipulation of the argument ks leads to cross-site scripting. The attack may be initiated remotely...