• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-22

CVE-2022-30117

February 23, 2023 by godfreyd94

Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn’t match expectations.Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting.

CVE-2022-30058

February 23, 2023 by godfreyd94

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at backendcontrollersDbController.php.

CVE-2022-30059

February 23, 2023 by godfreyd94

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at backendcontrollersDbController.php.

CVE-2022-30061

February 23, 2023 by godfreyd94

ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp.

CVE-2022-30062

February 23, 2023 by godfreyd94

ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php

CVE-2022-29967

February 23, 2023 by godfreyd94

static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 468
  • Go to page 469
  • Go to page 470
  • Go to page 471
  • Go to page 472
  • Interim pages omitted …
  • Go to page 514
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE