Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.
Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.
CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
In query of DownloadManager.java, there is a possible read/write of arbitrary files due to a permissions bypass. This could lead to local information disclosure and file rewriting with no additional e
Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.
An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information
In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided.
There is an arbitrary file download vulnerability in GuoMinJim PersonManage thru commit 5a02b1ab208feacf3a34fc123c9381162afbaa95 (2020-11-23) in the document query function under the Download Center m
An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a
Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function
Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.
CISA Thorium does not adequately validate the paths of downloaded files via 'download_ephemeral' and 'download_children'. A remote, authenticated attacker could access arbitrary files subject to file
Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.
Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into the tracker comments page.
Page 1+ Next →