The Devika v1 application is vulnerable to a path traversal exploit via the 'snapshot_path' parameter. By manipulating the parameter, an attacker can traverse directories and access sensitive files such as /etc/passwd. This vulnerability has been assigned the CVE ID CVE-2024-40422.
Craft CMS Logs Plugin version 3.0.3 allows an authenticated attacker to perform path traversal by exploiting a lack of proper validation in the log file reading functionality. This can lead to the unauthorized access of arbitrary files on the underlying file system with the permissions of the web service user. This has been assigned CVE-2022-23409.
Apache OFBiz version 18.12.12 and below is vulnerable to directory traversal. An attacker can exploit this vulnerability by sending a crafted XML request to the '/webtools/control/xmlrpc' endpoint, allowing them to access files outside of the web root directory, such as sensitive system files like '/etc/passwd' or executing commands on the server.
The CrushFTP server version below 10.7.1 and 11.1.0, including legacy 9.x, is vulnerable to directory traversal. An attacker can exploit this vulnerability to access sensitive files on the server by manipulating the file path in the URL.
The GL-iNet MT6000 4.5.5 device is vulnerable to an arbitrary file download exploit. By exploiting this vulnerability, an attacker can download sensitive information such as credentials and registered Device ID. This vulnerability has been assigned CVE-2024-27356.
In TYPO3 11.5.24, there exists a path traversal vulnerability in the filelist component. Attackers, with access to the administrator panel, can exploit this vulnerability to read arbitrary files by using directory traversal via the baseuri field. An authenticated attacker can manipulate the base URI by sending a crafted POST request to /typo3/record/edit with specific parameters, ultimately allowing them to access sensitive files on the server.
An authenticated path traversal vulnerability was found in OpenClinic GA version 5.247.01. By manipulating the 'Page' parameter in a GET request to 'main.do', an attacker can navigate to arbitrary directories and retrieve or execute files. This can lead to unauthorized access to sensitive information or facilitate more severe attacks.
The Simple Backup Plugin version 2.7.10 allows an attacker to download arbitrary files from the server through a path traversal vulnerability. By manipulating the 'download_backup_file' parameter in the 'tools.php' page, an attacker can traverse directories and access sensitive files on the server.
The exploit allows an attacker to traverse the directory structure and read sensitive files such as /etc/passwd on UPS Network Management Card 4 without authentication.
FoF Pretty Mail 1.1.2 extension for Flarum is vulnerable to Local File Inclusion (LFI) as it mishandles file paths in email templates. An attacker with administrative privileges can exploit this flaw to include sensitive server files in email content, potentially leading to information disclosure.