Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks are enabled, attackers can read backup files to obtain all user notes and user TOKENS. This issue has been patched in version 1.8.4.
Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script.
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current user.
Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.
The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.
The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2.7.10. via the download_backup_file function. This is due to a lack of capability checks and file type validation. This makes it possible for attackers to download sensitive files such as the wp-config.php file from the affected site.
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function.
Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Neptune is vulnerable to Directory Traversal.
EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0.
Soundminer ā CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function.
mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading.
A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files.
Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors.
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893.
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function.
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue.
Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging ā WPvivid (WordPress plugin) versions <= 0.9.70
SolarView Compact < 6.00 is vulnerable to Directory Traversal.
upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit
A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files.
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS101 device.
Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.
Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.
A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207.
Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename parameter to delete sensitive files like wp-config.php outside the intended export directory.
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to del_fl_bkp and file_name containing traversal sequences ../../wp-config.php to access sensitive configuration files.
PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php.
A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.
aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory.
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.
Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows unauthorized access to system files via JDBC parameters. Scope of Impact This issue affects Apache Linkis: from 1.3.0 through 1.7.0. Severity level moderate Solution Continuously check if the connection information contains the "%" character; if it does, perform URL decoding. Users are recommended to upgrade to version 1.8.0, which fixes the issue. More questions about this vulnerability can be discussed here:Ā https://lists.apache.org/list?dev@linkis.apache.org:2025-9:cve
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp.
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `export_index` function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files from servers on the internal network that the Applio server has access to. As of time of publication, no known patches are available.
Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem.
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyTemplateAll method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. . Was ZDI-CAN-19922.