• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-22

CVE-2019-16990

February 26, 2023 by

In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized “file” variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.

CVE-2019-16915

February 26, 2023 by

An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.

CVE-2019-16867

February 26, 2023 by

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)

CVE-2019-16868

February 26, 2023 by

emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.

CVE-2019-16876

February 26, 2023 by

Portainer before 1.22.1 allows Directory Traversal.

CVE-2019-16902

February 26, 2023 by

In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 289
  • Go to page 290
  • Go to page 291
  • Go to page 292
  • Go to page 293
  • Interim pages omitted …
  • Go to page 514
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE