Vulnerabilities > Files or Directories Accessible to External Parties
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-08 | CVE-2022-28002 | Files or Directories Accessible to External Parties vulnerability in Movie Seat Reservation Project Movie Seat Reservation 1.0 Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home. | 7.5 |
2022-03-28 | CVE-2022-26271 | Files or Directories Accessible to External Parties vulnerability in 74Cms 3.4.1 74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php. | 7.5 |
2022-03-17 | CVE-2022-24075 | Files or Directories Accessible to External Parties vulnerability in Navercorp Whale Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. | 6.5 |
2022-03-15 | CVE-2022-25497 | Files or Directories Accessible to External Parties vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. | 5.3 |
2022-03-01 | CVE-2022-23377 | Files or Directories Accessible to External Parties vulnerability in Keep Archeevo Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files. | 7.5 |
2022-02-24 | CVE-2022-25104 | Files or Directories Accessible to External Parties vulnerability in Horizontcms Project Horizontcms 1.0.0 HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/. | 7.5 |
2022-02-21 | CVE-2022-25297 | Files or Directories Accessible to External Parties vulnerability in Drogon This affects the package drogonframework/drogon before 1.7.5. | 8.8 |
2022-02-18 | CVE-2022-25299 | Files or Directories Accessible to External Parties vulnerability in Cesanta Mongoose This affects the package cesanta/mongoose before 7.6. | 7.5 |
2022-02-09 | CVE-2022-24694 | Files or Directories Accessible to External Parties vulnerability in Mahara In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. | 4.3 |
2022-02-07 | CVE-2021-25004 | Files or Directories Accessible to External Parties vulnerability in Seur Oficial Project Seur Oficial The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page. | 4.9 |