• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-552

CVE-2022-26271

February 23, 2023 by godfreyd94

74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at indexcontrollerDownload.php.

CVE-2022-25497

February 23, 2023 by godfreyd94

CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.

CVE-2022-25297

February 23, 2023 by godfreyd94

This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder.

CVE-2022-25299

February 23, 2023 by godfreyd94

This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.

CVE-2022-25104

February 23, 2023 by godfreyd94

HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/.

CVE-2022-24694

February 23, 2023 by godfreyd94

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 23
  • Go to page 24
  • Go to page 25
  • Go to page 26
  • Go to page 27
  • Interim pages omitted …
  • Go to page 29
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE