A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument docs_dir/file
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the
The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Ad
Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate
An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server
A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloa
Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow t
XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authentica
A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/cont
Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the download_dir() function that allows a rogue or compromised remote Windows server to write files outside
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with p
Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypa
Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only fi
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution
Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensiti
phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit tra
Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server.
YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can expl
← Previous Page 5