Filtered by CWE-22
Total 6651 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-0980 2024-08-01 7.1 High
The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code.
CVE-2024-0989 1 Kuerp Project 1 Kuerp 2024-08-01 5.4 Medium
A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-252254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0818 2024-08-01 N/A
Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6
CVE-2024-0844 1 Felixmoira 1 Popup More Popups\, Lightboxes\, And More Popup Modules 2024-08-01 4.7 Medium
The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with "Form.php" on the server , allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVE-2024-0697 1 Softaculous 1 Backuply 2024-08-01 6.5 Medium
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information.
CVE-2024-0380 1 Bootstrapped 1 Wp Recipe Maker 2024-08-01 5.4 Medium
The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting.
CVE-2024-0354 1 Unknown-o 1 Download-station 2024-08-01 5.3 Medium
A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250121 was assigned to this vulnerability.
CVE-2024-0341 1 Inis Project 1 Inis 2024-08-01 3.5 Low
A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The identifier VDB-250109 was assigned to this vulnerability.
CVE-2021-20095 1 Redhat 2 Enterprise Linux, Rhel Software Collections 2023-11-07 7.8 High
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none
CVE-2020-24741 2023-11-07 7.8 High
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-0570. Reason: This candidate is a duplicate of CVE-2020-0570. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2020-0570 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2017-7516 2023-11-07 N/A
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1197. Reason: This candidate is a duplicate of CVE-2015-1197. Notes: All CVE users should reference CVE-2015-1197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.