Vulnerabilities > External Control of File Name or Path
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-11 | CVE-2022-0246 | External Control of File Name or Path vulnerability in Webence IQ Block Country The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. | 4.0 |
| 2022-03-14 | CVE-2021-24966 | External Control of File Name or Path vulnerability in Bestwebsoft Error LOG Viewer The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder | 4.0 |
| 2022-03-14 | CVE-2022-0593 | External Control of File Name or Path vulnerability in Idehweb Login With Phone Number The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation. | 6.4 |
| 2022-01-04 | CVE-2021-3845 | External Control of File Name or Path vulnerability in WS Scrcpy Project WS Scrcpy ws-scrcpy is vulnerable to External Control of File Name or Path | 7.5 |
| 2021-10-22 | CVE-2021-38477 | External Control of File Name or Path vulnerability in Auvesy Versiondog There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files. | 6.4 |
| 2021-04-14 | CVE-2021-27250 | External Control of File Name or Path vulnerability in Dlink Dap-2020 Firmware 1.01 This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. | 6.5 |
| 2021-03-23 | CVE-2021-21343 | External Control of File Name or Path vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. | 7.5 |
| 2020-10-20 | CVE-2020-15264 | External Control of File Name or Path vulnerability in Chocolatey Boxstarter The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. | 7.2 |
| 2020-06-29 | CVE-2019-3681 | External Control of File Name or Path vulnerability in Opensuse OSC A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. | 6.4 |
| 2020-06-03 | CVE-2020-5297 | External Control of File Name or Path vulnerability in Octobercms October In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. | 4.0 |