Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2022-04-08 CVE-2022-28002 Files or Directories Accessible to External Parties vulnerability in Movie Seat Reservation Project Movie Seat Reservation 1.0
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.
network
low complexity
movie-seat-reservation-project CWE-552
7.5
2022-03-28 CVE-2022-26271 Files or Directories Accessible to External Parties vulnerability in 74Cms 3.4.1
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php.
network
low complexity
74cms CWE-552
7.5
2022-03-17 CVE-2022-24075 Files or Directories Accessible to External Parties vulnerability in Navercorp Whale
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files.
network
low complexity
navercorp CWE-552
6.5
2022-03-15 CVE-2022-25497 Files or Directories Accessible to External Parties vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
network
low complexity
cuppacms CWE-552
5.3
2022-03-01 CVE-2022-23377 Files or Directories Accessible to External Parties vulnerability in Keep Archeevo
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files.
network
low complexity
keep CWE-552
7.5
2022-02-24 CVE-2022-25104 Files or Directories Accessible to External Parties vulnerability in Horizontcms Project Horizontcms 1.0.0
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/.
network
low complexity
horizontcms-project CWE-552
7.5
2022-02-21 CVE-2022-25297 Files or Directories Accessible to External Parties vulnerability in Drogon
This affects the package drogonframework/drogon before 1.7.5.
network
low complexity
drogon CWE-552
8.8
2022-02-18 CVE-2022-25299 Files or Directories Accessible to External Parties vulnerability in Cesanta Mongoose
This affects the package cesanta/mongoose before 7.6.
network
low complexity
cesanta CWE-552
7.5
2022-02-09 CVE-2022-24694 Files or Directories Accessible to External Parties vulnerability in Mahara
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders.
network
low complexity
mahara CWE-552
4.3
2022-02-07 CVE-2021-25004 Files or Directories Accessible to External Parties vulnerability in Seur Oficial Project Seur Oficial
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.
network
low complexity
seur-oficial-project CWE-552
4.9