CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

Metasploit•added 2026/05/15 7:1 p.m.•95 views

HUSTOJ Admin users can zip-slip problem_import_qduoj.php, planting PHP files in webroot for RCE

A user with administrative privileges can abuse the problemimportqduoj.php CGI script using a crafted zip file zip-slip to traverse backwards through the filesystem, then to the webroot, where they can extract a PHP file that spawns a shell to get full RCE in the context of the webserver. Module...

9.8CVSS5.8AI score0.58917EPSS

Exploits4

Snyk•added 2026/02/26 6:18 a.m.•5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fullPath function in the builtinbackupengine.go file. An attacker can write files to arbitrary locations on the file system by manipulating backup manifest files if they have read/write access to the backup...

9.3CVSS7.7AI score0.00075EPSS

Exploits0References2