WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.
CWE-22
CVE-2020-12764
Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal.
CVE-2020-12765
Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal.
CVE-2020-12737
An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server.
CVE-2020-12640
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
CVE-2020-12649
Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths.