• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-22

CVE-2022-1166

February 23, 2023 by

The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people’s resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen.

CVE-2022-1000

February 23, 2023 by

Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.

CVE-2022-0902

February 23, 2023 by

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node.

CVE-2022-0779

February 23, 2023 by

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads

CVE-2022-0673

February 23, 2023 by

A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal.

CVE-2022-0679

February 23, 2023 by

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results in the disclosure of arbitrary files as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks but depends on the underlying system and it’s configuration.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 507
  • Go to page 508
  • Go to page 509
  • Go to page 510
  • Go to page 511
  • Interim pages omitted …
  • Go to page 514
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE