The OpenPanel File Manager version 0.3.4 is vulnerable to a directory traversal exploit. By sending a crafted GET request to view_file with the filename parameter set to 'shadow' and path_param set to '/etc', an attacker can access sensitive system files outside the intended directory. This vulnerability has been assigned CVE-2024-53582.
The WordPress Core version 6.2 is vulnerable to a directory traversal attack. An attacker can manipulate input in a way that allows them to access files outside of the intended directory, such as sensitive system files like /etc/passwd. This vulnerability is identified as CVE-2023-2745.
The OpenPanel version 0.3.4 is vulnerable to directory traversal. By exploiting this vulnerability, an attacker can traverse the directories outside the intended location and gain unauthorized access to sensitive files. This vulnerability has been assigned CVE-2024-53537.
WebFileSys 2.31.0 is prone to a directory traversal vulnerability in the 'relPath' parameter. An attacker can exploit this issue by sending a crafted HTTP request to the affected server, allowing them to traverse directories and access sensitive files outside the intended directory structure. This vulnerability has been assigned CVE-2024-53586.
Apache OFBiz version 18.12.12 and below is vulnerable to directory traversal. An attacker can exploit this vulnerability by sending a crafted XML request to the '/webtools/control/xmlrpc' endpoint, allowing them to access files outside of the web root directory, such as sensitive system files like '/etc/passwd' or executing commands on the server.
The CrushFTP server version below 10.7.1 and 11.1.0, including legacy 9.x, is vulnerable to directory traversal. An attacker can exploit this vulnerability to access sensitive files on the server by manipulating the file path in the URL.
The Automatic-Systems SOC FL9600 FastLine V06 allows Directory Traversal via a specially crafted HTTP request. An attacker can exploit this vulnerability to read arbitrary files on the server, such as sensitive system files like 'passwd'. This vulnerability has been assigned CVE-2023-37607.
The exploit allows an attacker to access sensitive files like /etc/shadow on TP-Link TL-WR740N routers with firmware version 3.12.11 Build 110915 Rel.40896n. This can lead to unauthorized access and potential compromise of the device. This vulnerability has not been assigned a CVE yet.
The Automatic-Systems SOC FL9600 FastLine V06 allows an attacker to traverse directories by manipulating the 'dir' parameter in the 'csvServer.php' script, leading to unauthorized access to sensitive files such as '/etc/passwd'. This vulnerability has been assigned CVE-2023-37607.
The exploit allows an unauthenticated user to traverse directories and access sensitive system files like /etc/shadow on TP-Link TL-WR740N version 3.12.11 Build 110915 Rel.40896n. This vulnerability could lead to unauthorized access to critical system information.
Services By CQR