A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape
This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.
* Remote Code Execution (RCE
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading
Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.
A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on.
A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument f
A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views (such as campaigns, emails, or
A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an administrative user to access system files with the file p
Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary co
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function _copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGu
A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path
Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The
A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation
A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/logi
A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can
A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fa
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This en
A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import
Page 1+ Next →