
1368 matches found

NVD
added 2024/06/25 9:16 p.m. · 27 views

CVE-2024-5018

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists in Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows reading of any file from the application's web-root directory...

CVSS: 7.5 · EPSS: 0.00771
Exploits: 0 · References: 2

CVE
added 2024/06/25 8:27 p.m. · 64 views

CVE-2024-5018

Progress WhatsUp Gold contains a Path Traversal vulnerability (CVE-2024-5018) in the LoadNMScript path, affecting versions released before 2023.1.3. The issue resides in Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript and allows reading files from the application's web-root without au...

CVSS: 7.5 · AI score: 6.2 · EPSS: 0.00771
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/06/25 11:57 a.m. · 15 views

BIT-OPENCART-2024-21518

This affects versions of the package opencart/opencart from 4.0.0-0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...

CVSS: 7.2 · AI score: 6.9 · EPSS: 0.14126
Exploits: 1 · References: 3

Positive Technologies
added 2024/06/25 12:0 a.m. · 6 views

PT-2024-34013 · Ipswitch · Whatsup Gold

Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2023.1.3 Description: The issue allows for an unauthenticated Path Traversal, enabling the reading of any file from the application's web-root directory. This is due to a vulnerability in the...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.00771
Exploits: 0 · References: 5

OSV
added 2024/06/22 5:15 a.m. · 2 views

CVE-2024-21518

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...

CVSS: 7.2 · AI score: 5.9
Exploits: 0 · References: 2

NVD
added 2024/06/22 5:15 a.m. · 17 views

CVE-2024-21518

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...

CVSS: 7.2 · EPSS: 0.14126
Exploits: 1 · References: 2

Cvelist
added 2024/06/22 5:0 a.m. · 99 views

CVE-2024-21519

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename including...

CVSS: 6.6 · EPSS: 0.00719
Exploits: 1 · References: 2

Cvelist
added 2024/06/22 5:0 a.m. · 108 views

CVE-2024-21518

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...

CVSS: 7.2 · EPSS: 0.14126
Exploits: 1 · References: 2

Vulnrichment
added 2024/06/22 5:0 a.m. · 17 views

CVE-2024-21518

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...

CVSS: 7.2 · AI score: 7.2 · EPSS: 0.14126
Exploits: 1 · References: 2

CVE
added 2024/06/22 5:0 a.m. · 53 views

CVE-2024-21518

CVE-2024-21518 affects opencart/opencart versions starting at 4.0.0.0 and is a Zip Slip vulnerability in the marketplace installer. The root cause is improper sanitization of the target path, enabling files contained in a malicious archive to traverse the filesystem and be extracted to arbitrary ...

CVSS: 7.2 · AI score: 7 · EPSS: 0.14126
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2024/06/22 12:0 a.m. · 3 views

OpenCart Security Vulnerability

OpenCart is an open source online store management system for creating and managing e-commerce websites. It is known for its user-friendliness and flexibility for online stores of different sizes. OpenCart suffers from a file disclosure vulnerability due to an improperly cleaned destination path...

CVSS: 7.2 · AI score: 6.7 · EPSS: 0.14126
Exploits: 1 · References: 3

Positive Technologies
added 2024/05/28 12:0 a.m. · 4 views

PT-2024-36213 · Campbell Scientific · Campbell Scientific Csi Web Server

Name of the Vulnerable Software and Affected Versions: Campbell Scientific CSI Web Server affected versions not specified Description: The issue allows anonymous, unauthenticated access to files and directories outside of the webserver root directory. This is achieved through a specially crafted...

CVSS: 5.3 · AI score: 7.1 · EPSS: 0.00487
Exploits: 0 · References: 2

CNNVD
added 2024/05/14 12:0 a.m. · 2 views

General Electric Healthcare Ultrasound Path Traversal Vulnerability

GE General Electric Healthcare Ultrasound is a medical sonic detection device from General Electric GE. A path traversal vulnerability exists in General Electric Healthcare Ultrasound. An attacker could exploit this vulnerability to access files and directories stored outside of the web root fold...

CVSS: 7.7 · AI score: 6.8 · EPSS: 0.00283
Exploits: 0 · References: 3

CNNVD
added 2024/05/14 12:0 a.m. · 1 views

General Electric Healthcare Ultrasound Path Traversal Vulnerability

GE General Electric Healthcare Ultrasound is a medical sonic detection device from General Electric GE. A path traversal vulnerability exists in General Electric Healthcare Ultrasound. An attacker could exploit this vulnerability to access files and directories stored outside of the web root fold...

CVSS: 6.2 · AI score: 6.8 · EPSS: 0.00283
Exploits: 0 · References: 3

Vulnrichment
added 2024/03/26 3:1 a.m. · 13 views

CVE-2024-29196 phpMyFAQ Path Traversal in Attachments

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6...

CVSS: 3.8 · AI score: 6.7 · EPSS: 0.00587
Exploits: 1 · References: 2

Cvelist
added 2024/03/26 3:1 a.m. · 29 views

CVE-2024-29196 phpMyFAQ Path Traversal in Attachments

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6...

CVSS: 3.8 · AI score: 4.9 · EPSS: 0.00587
Exploits: 1 · References: 2

OSV
added 2024/03/26 3:1 a.m. · 23 views

CVE-2024-29196 phpMyFAQ Path Traversal in Attachments

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6...

CVSS: 3.8 · AI score: 4.7 · EPSS: 0.00587
Exploits: 1 · References: 4

CNNVD
added 2024/03/26 12:0 a.m. · 3 views

phpMyFAQ Security Vulnerability

phpMyFAQ is a multilingual, fully database-driven Frequently Asked Questions FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ version 3.2.5, which stems from the presence of a path traversal vulnerability that allows an attacker with administrator...

CVSS: 3.8 · AI score: 4.8 · EPSS: 0.00587
Exploits: 1 · References: 3

OSV
added 2024/03/25 7:35 p.m. · 22 views

GHSA-MMH6-5CPF-2C72 phpMyFAQ Path Traversal in Attachments

Summary There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. PoC 1. In settings, the attachment location is vulnerable to path traversal and can be set to e.g ..\hacked 2. When the above is set...

CVSS: 3.8 · AI score: 4.1 · EPSS: 0.00587
Exploits: 1 · References: 4

CNNVD
added 2024/03/18 12:0 a.m. · 4 views

Unitronics Unistream Unilogic Path Traversal Vulnerability

Unitronics Unistream Unilogic is an integrated controller software platform from Unitronics Corporation for developing and programming the Unistream family of programmable logic controllers PLCs. A security vulnerability exists in Unitronics Unistream Unilogic versions prior to 1.35.227. An...

CVSS: 8.8 · AI score: 6.7 · EPSS: 0.00794
Exploits: 0 · References: 3