CWE-610
DiscouragedExternally Controlled Reference to a Resource in Another Sphere
Abstraction: Class · Status: Draft
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
278 vulnerabilities reference this CWE, most recent first.
GHSA-8WH3-6776-4HGJ
Vulnerability from github – Published: 2022-01-15 00:01 – Updated: 2022-01-16 00:00In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-12Android ID: A-195668284
{
"affected": [],
"aliases": [
"CVE-2021-1035"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-14T20:15:00Z",
"severity": "HIGH"
},
"details": "In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-12Android ID: A-195668284",
"id": "GHSA-8wh3-6776-4hgj",
"modified": "2022-01-16T00:00:56Z",
"published": "2022-01-15T00:01:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1035"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/aaos/2022-01-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-952C-48VM-QJ8V
Vulnerability from github – Published: 2024-08-06 06:30 – Updated: 2024-08-06 06:30Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
{
"affected": [],
"aliases": [
"CVE-2024-28962"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-06T04:16:45Z",
"severity": "MODERATE"
},
"details": "Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.",
"id": "GHSA-952c-48vm-qj8v",
"modified": "2024-08-06T06:30:35Z",
"published": "2024-08-06T06:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28962"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000227236/dsa-2024-169"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9722-RR68-RFPG
Vulnerability from github – Published: 2020-06-03 21:58 – Updated: 2021-03-04 18:26Impact
An attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manage_assets permission.
Patches
Issue has been patched in Build 466 (v1.0.466).
Workarounds
Apply https://github.com/octobercms/october/commit/6711dae8ef70caf0e94cec434498012a2ccd86b8 to your installation manually if unable to upgrade to Build 466.
References
Reported by Sivanesh Ashok
For more information
If you have any questions or comments about this advisory: * Email us at hello@octobercms.com
Threat assessment:

{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "october/cms"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.319"
},
{
"fixed": "1.0.466"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-5297"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-03T21:26:41Z",
"nvd_published_at": "2020-06-03T22:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nAn attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission.\n\n### Patches\nIssue has been patched in Build 466 (v1.0.466).\n\n### Workarounds\nApply https://github.com/octobercms/october/commit/6711dae8ef70caf0e94cec434498012a2ccd86b8 to your installation manually if unable to upgrade to Build 466.\n\n### References\nReported by [Sivanesh Ashok](https://stazot.com/)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [hello@octobercms.com](mailto:hello@octobercms.com)\n\n### Threat assessment:\n\u003cimg width=\"1241\" alt=\"Screen Shot 2020-03-31 at 12 21 10 PM\" src=\"https://user-images.githubusercontent.com/7253840/78061230-255f5400-734a-11ea-92b4-1120f6960505.png\"\u003e",
"id": "GHSA-9722-rr68-rfpg",
"modified": "2021-03-04T18:26:59Z",
"published": "2020-06-03T21:58:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/octobercms/october/security/advisories/GHSA-9722-rr68-rfpg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5297"
},
{
"type": "WEB",
"url": "https://github.com/octobercms/october/commit/6711dae8ef70caf0e94cec434498012a2ccd86b8"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Aug/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Upload whitelisted files to any directory in OctoberCMS"
}
GHSA-973J-JF94-FMWP
Vulnerability from github – Published: 2023-11-27 18:31 – Updated: 2025-11-04 21:30An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
{
"affected": [],
"aliases": [
"CVE-2023-40194"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-27T16:15:10Z",
"severity": "HIGH"
},
"details": "An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.",
"id": "GHSA-973j-jf94-fmwp",
"modified": "2025-11-04T21:30:48Z",
"published": "2023-11-27T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40194"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1833"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1833"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9GJ5-Q54R-HCPR
Vulnerability from github – Published: 2023-11-27 18:31 – Updated: 2025-11-04 21:30An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled.
{
"affected": [],
"aliases": [
"CVE-2023-35985"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-27T16:15:09Z",
"severity": "HIGH"
},
"details": "An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled.",
"id": "GHSA-9gj5-q54r-hcpr",
"modified": "2025-11-04T21:30:48Z",
"published": "2023-11-27T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35985"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1834"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1834"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9J36-XV3G-RVH5
Vulnerability from github – Published: 2025-09-08 12:30 – Updated: 2025-09-08 12:30A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to xml external entity reference. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-10091"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-08T11:15:30Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to xml external entity reference. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-9j36-xv3g-rvh5",
"modified": "2025-09-08T12:30:33Z",
"published": "2025-09-08T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10091"
},
{
"type": "WEB",
"url": "https://github.com/Cstarplus/CVE/issues/2"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.323046"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.323046"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.644864"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9RVG-H3PH-F3V3
Vulnerability from github – Published: 2023-08-31 21:32 – Updated: 2023-08-31 21:32Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.
{
"affected": [],
"aliases": [
"CVE-2022-46869"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-59",
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-31T20:15:08Z",
"severity": "HIGH"
},
"details": "Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.",
"id": "GHSA-9rvg-h3ph-f3v3",
"modified": "2023-08-31T21:32:40Z",
"published": "2023-08-31T21:32:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46869"
},
{
"type": "WEB",
"url": "https://security-advisory.acronis.com/advisories/SEC-3835"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9VVV-8533-53P6
Vulnerability from github – Published: 2022-05-13 01:39 – Updated: 2025-04-20 03:35An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2017-0211"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-12T14:59:00Z",
"severity": "MODERATE"
},
"details": "An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka \"Windows OLE Elevation of Privilege Vulnerability.\"",
"id": "GHSA-9vvv-8533-53p6",
"modified": "2025-04-20T03:35:51Z",
"published": "2022-05-13T01:39:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0211"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0211"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41902"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97514"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038240"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9W63-3R8G-CXH8
Vulnerability from github – Published: 2022-12-07 03:30 – Updated: 2022-12-08 18:30ILIAS before 7.16 allows External Control of File Name or Path.
{
"affected": [],
"aliases": [
"CVE-2022-45918"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-07T01:15:00Z",
"severity": "MODERATE"
},
"details": "ILIAS before 7.16 allows External Control of File Name or Path.",
"id": "GHSA-9w63-3r8g-cxh8",
"modified": "2022-12-08T18:30:50Z",
"published": "2022-12-07T03:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45918"
},
{
"type": "WEB",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-ilias-elearning-platform"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/170181/ILIAS-eLearning-7.15-Command-Injection-XSS-LFI-Open-Redirect.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Dec/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9XHG-4CW3-P79R
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:30A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application pool.
{
"affected": [],
"aliases": [
"CVE-2022-42891"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-17T17:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in syngo Dynamics (All versions \u003c VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website\u2019s application pool.",
"id": "GHSA-9xhg-4cw3-p79r",
"modified": "2024-04-04T05:30:25Z",
"published": "2023-07-06T19:24:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42891"
},
{
"type": "WEB",
"url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-219: XML Routing Detour Attacks
An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.