![]() The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The identifier VDB-238637 was assigned to this vulnerability. The exploit has been disclosed to the public and may be used. The manipulation of the argument filePath leads to path traversal. This issue affects some unknown processing of the file PrintTemplateFileServlet.java. Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.Ī vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1. The associated identifier of this vulnerability is VDB-239863. ![]() The manipulation of the argument activepath leads to absolute path traversal. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |