Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2022-28462 Files or Directories Accessible to External Parties vulnerability in Xxyopen Novel-Plus 3.6.0
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.
network
low complexity
xxyopen CWE-552
7.5
7.5
2022-04-25 CVE-2022-0656 Files or Directories Accessible to External Parties vulnerability in Webtoprint web to Print Shop:Udraw
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response.
network
low complexity
webtoprint CWE-552
7.5
7.5
2022-04-21 CVE-2022-28445 Files or Directories Accessible to External Parties vulnerability in Kitesky Kitecms 1.1.1
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module.
network
low complexity
kitesky CWE-552
6.5
6.5
2022-04-11 CVE-2022-27837 Files or Directories Accessible to External Parties vulnerability in Samsung Accessibility 12.5.3.2
A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege.
local
low complexity
samsung CWE-552
7.8
7.8
2022-04-09 CVE-2022-26877 Files or Directories Accessible to External Parties vulnerability in Asana Desktop
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.
network
low complexity
asana CWE-552
6.5
6.5
2022-04-08 CVE-2022-28002 Files or Directories Accessible to External Parties vulnerability in Movie Seat Reservation Project Movie Seat Reservation 1.0
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.
network
low complexity
movie-seat-reservation-project CWE-552
7.5
7.5
2022-03-28 CVE-2022-26271 Files or Directories Accessible to External Parties vulnerability in 74Cms 3.4.1
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php.
network
low complexity
74cms CWE-552
7.5
7.5
2022-03-17 CVE-2022-24075 Files or Directories Accessible to External Parties vulnerability in Navercorp Whale
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files.
network
low complexity
navercorp CWE-552
6.5
6.5
2022-03-15 CVE-2022-25497 Files or Directories Accessible to External Parties vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
network
low complexity
cuppacms CWE-552
5.3
5.3
2022-03-01 CVE-2022-23377 Files or Directories Accessible to External Parties vulnerability in Keep Archeevo
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files.
network
low complexity
keep CWE-552
7.5
7.5