header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Devika v1 – Path Traversal via ‘snapshot_path’ Parameter

The Devika v1 application is vulnerable to a path traversal exploit via the 'snapshot_path' parameter. By manipulating the parameter, an attacker can traverse directories and access sensitive files such as /etc/passwd. This vulnerability has been assigned the CVE ID CVE-2024-40422.

Craft CMS Logs Plugin 3.0.3 – Path Traversal (Authenticated)

Craft CMS Logs Plugin version 3.0.3 allows an authenticated attacker to perform path traversal by exploiting a lack of proper validation in the log file reading functionality. This can lead to the unauthorized access of arbitrary files on the underlying file system with the permissions of the web service user. This has been assigned CVE-2022-23409.

Apache OFBiz 18.12.12 – Directory Traversal

Apache OFBiz version 18.12.12 and below is vulnerable to directory traversal. An attacker can exploit this vulnerability by sending a crafted XML request to the '/webtools/control/xmlrpc' endpoint, allowing them to access files outside of the web root directory, such as sensitive system files like '/etc/passwd' or executing commands on the server.

TYPO3 11.5.24 Path Traversal Vulnerability (Authenticated)

In TYPO3 11.5.24, there exists a path traversal vulnerability in the filelist component. Attackers, with access to the administrator panel, can exploit this vulnerability to read arbitrary files by using directory traversal via the baseuri field. An authenticated attacker can manipulate the base URI by sending a crafted POST request to /typo3/record/edit with specific parameters, ultimately allowing them to access sensitive files on the server.

OpenClinic GA 5.247.01 – Path Traversal Vulnerability (Authenticated)

An authenticated path traversal vulnerability was found in OpenClinic GA version 5.247.01. By manipulating the 'Page' parameter in a GET request to 'main.do', an attacker can navigate to arbitrary directories and retrieve or execute files. This can lead to unauthorized access to sensitive information or facilitate more severe attacks.

Arbitrary File Download via Path Traversal in Simple Backup Plugin < 2.7.10

The Simple Backup Plugin version 2.7.10 allows an attacker to download arbitrary files from the server through a path traversal vulnerability. By manipulating the 'download_backup_file' parameter in the 'tools.php' page, an attacker can traverse directories and access sensitive files on the server.

FoF Pretty Mail 1.1.2 – Local File Inclusion Vulnerability

FoF Pretty Mail 1.1.2 extension for Flarum is vulnerable to Local File Inclusion (LFI) as it mishandles file paths in email templates. An attacker with administrative privileges can exploit this flaw to include sensitive server files in email content, potentially leading to information disclosure.

Recent Exploits: