CWE-22

CVE-2021-45043

February 23, 2023 by

HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.

Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable server.

CVE-2021-44977

February 23, 2023 by

In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.

CVE-2021-45010

February 23, 2023 by

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.

CVE-2021-45015

February 23, 2023 by

taocms 3.0.2 is vulnerable to arbitrary file deletion via taocmsincludeModelfile.php from line 60 to line 72.

CVE-2021-44737

February 23, 2023 by

PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.