Total
16 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-4332 | 1 Posimyth | 1 The Plus Addons For Elementor | 2023-03-14 | N/A | 6.5 MEDIUM |
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation. | |||||
CVE-2023-1105 | 1 Flatpress | 1 Flatpress | 2023-03-09 | N/A | 8.1 HIGH |
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
CVE-2023-1070 | 1 Teampass | 1 Teampass | 2023-03-07 | N/A | 7.1 HIGH |
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. | |||||
CVE-2014-125059 | 1 Sternenblog Project | 1 Sternenblog | 2023-01-12 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers. | |||||
CVE-2021-3845 | 1 Ws Scrcpy Project | 1 Ws Scrcpy | 2022-09-29 | 5.0 MEDIUM | 7.5 HIGH |
ws-scrcpy is vulnerable to External Control of File Name or Path | |||||
CVE-2022-2400 | 1 Dompdf Project | 1 Dompdf | 2022-07-22 | N/A | 5.3 MEDIUM |
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. | |||||
CVE-2020-5297 | 1 Octobercms | 1 October | 2022-06-30 | 4.0 MEDIUM | 2.7 LOW |
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). | |||||
CVE-2020-5296 | 1 Octobercms | 1 October | 2022-06-30 | 4.0 MEDIUM | 4.9 MEDIUM |
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). | |||||
CVE-2022-0246 | 1 Webence | 1 Iq Block Country | 2022-04-15 | 4.0 MEDIUM | 4.9 MEDIUM |
The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process, existence of a file is checked. If the file exists, it is deleted without any security control by only considering the name of the extracted file. This behavior leads to "Zip Slip" vulnerability. | |||||
CVE-2022-0593 | 1 Idehweb | 1 Login With Phone Number | 2022-03-21 | 6.4 MEDIUM | 6.5 MEDIUM |
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation. | |||||
CVE-2021-24966 | 1 Bestwebsoft | 1 Error Log Viewer | 2022-03-19 | 4.0 MEDIUM | 4.9 MEDIUM |
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder | |||||
CVE-2021-21343 | 4 Debian, Fedoraproject, Oracle and 1 more | 12 Debian Linux, Fedora, Banking Enterprise Default Management and 9 more | 2022-02-16 | 5.0 MEDIUM | 7.5 HIGH |
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
CVE-2021-38477 | 1 Auvesy | 1 Versiondog | 2021-10-27 | 6.4 MEDIUM | 9.8 CRITICAL |
There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files. | |||||
CVE-2021-27250 | 1 D-link | 2 Dap-2020, Dap-2020 Firmware | 2021-04-22 | 3.3 LOW | 6.5 MEDIUM |
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856. | |||||
CVE-2020-15264 | 1 Chocolatey | 1 Boxstarter | 2020-10-30 | 7.2 HIGH | 7.8 HIGH |
The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it'll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0 | |||||
CVE-2019-3681 | 2 Opensuse, Suse | 5 Factory, Leap, Osc and 2 more | 2020-07-09 | 6.4 MEDIUM | 9.8 CRITICAL |
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 . |