Common Weakness Enumeration

CWE-610

Discouraged

Externally Controlled Reference to a Resource in Another Sphere

Abstraction: Class · Status: Draft

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

278 vulnerabilities reference this CWE, most recent first.

GHSA-8WH3-6776-4HGJ

Vulnerability from github – Published: 2022-01-15 00:01 – Updated: 2022-01-16 00:00
VLAI
Details

In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-12Android ID: A-195668284

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1035"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-14T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-12Android ID: A-195668284",
  "id": "GHSA-8wh3-6776-4hgj",
  "modified": "2022-01-16T00:00:56Z",
  "published": "2022-01-15T00:01:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1035"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/aaos/2022-01-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-952C-48VM-QJ8V

Vulnerability from github – Published: 2024-08-06 06:30 – Updated: 2024-08-06 06:30
VLAI
Details

Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28962"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-06T04:16:45Z",
    "severity": "MODERATE"
  },
  "details": "Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.",
  "id": "GHSA-952c-48vm-qj8v",
  "modified": "2024-08-06T06:30:35Z",
  "published": "2024-08-06T06:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28962"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000227236/dsa-2024-169"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9722-RR68-RFPG

Vulnerability from github – Published: 2020-06-03 21:58 – Updated: 2021-03-04 18:26
VLAI
Summary
Upload whitelisted files to any directory in OctoberCMS
Details

Impact

An attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manage_assets permission.

Patches

Issue has been patched in Build 466 (v1.0.466).

Workarounds

Apply https://github.com/octobercms/october/commit/6711dae8ef70caf0e94cec434498012a2ccd86b8 to your installation manually if unable to upgrade to Build 466.

References

Reported by Sivanesh Ashok

For more information

If you have any questions or comments about this advisory: * Email us at hello@octobercms.com

Threat assessment:

Screen Shot 2020-03-31 at 12 21 10 PM

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "october/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.319"
            },
            {
              "fixed": "1.0.466"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5297"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-03T21:26:41Z",
    "nvd_published_at": "2020-06-03T22:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\nAn attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission.\n\n### Patches\nIssue has been patched in Build 466 (v1.0.466).\n\n### Workarounds\nApply https://github.com/octobercms/october/commit/6711dae8ef70caf0e94cec434498012a2ccd86b8 to your installation manually if unable to upgrade to Build 466.\n\n### References\nReported by [Sivanesh Ashok](https://stazot.com/)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [hello@octobercms.com](mailto:hello@octobercms.com)\n\n### Threat assessment:\n\u003cimg width=\"1241\" alt=\"Screen Shot 2020-03-31 at 12 21 10 PM\" src=\"https://user-images.githubusercontent.com/7253840/78061230-255f5400-734a-11ea-92b4-1120f6960505.png\"\u003e",
  "id": "GHSA-9722-rr68-rfpg",
  "modified": "2021-03-04T18:26:59Z",
  "published": "2020-06-03T21:58:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/octobercms/october/security/advisories/GHSA-9722-rr68-rfpg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5297"
    },
    {
      "type": "WEB",
      "url": "https://github.com/octobercms/october/commit/6711dae8ef70caf0e94cec434498012a2ccd86b8"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Aug/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Upload whitelisted files to any directory in OctoberCMS"
}

GHSA-973J-JF94-FMWP

Vulnerability from github – Published: 2023-11-27 18:31 – Updated: 2025-11-04 21:30
VLAI
Details

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-40194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-27T16:15:10Z",
    "severity": "HIGH"
  },
  "details": "An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.",
  "id": "GHSA-973j-jf94-fmwp",
  "modified": "2025-11-04T21:30:48Z",
  "published": "2023-11-27T18:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40194"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1833"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1833"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9GJ5-Q54R-HCPR

Vulnerability from github – Published: 2023-11-27 18:31 – Updated: 2025-11-04 21:30
VLAI
Details

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-35985"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-27T16:15:09Z",
    "severity": "HIGH"
  },
  "details": "An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled.",
  "id": "GHSA-9gj5-q54r-hcpr",
  "modified": "2025-11-04T21:30:48Z",
  "published": "2023-11-27T18:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35985"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1834"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1834"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9J36-XV3G-RVH5

Vulnerability from github – Published: 2025-09-08 12:30 – Updated: 2025-09-08 12:30
VLAI
Details

A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to xml external entity reference. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-08T11:15:30Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to xml external entity reference. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-9j36-xv3g-rvh5",
  "modified": "2025-09-08T12:30:33Z",
  "published": "2025-09-08T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10091"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Cstarplus/CVE/issues/2"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.323046"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.323046"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.644864"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9RVG-H3PH-F3V3

Vulnerability from github – Published: 2023-08-31 21:32 – Updated: 2023-08-31 21:32
VLAI
Details

Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-46869"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-59",
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-31T20:15:08Z",
    "severity": "HIGH"
  },
  "details": "Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.",
  "id": "GHSA-9rvg-h3ph-f3v3",
  "modified": "2023-08-31T21:32:40Z",
  "published": "2023-08-31T21:32:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46869"
    },
    {
      "type": "WEB",
      "url": "https://security-advisory.acronis.com/advisories/SEC-3835"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9VVV-8533-53P6

Vulnerability from github – Published: 2022-05-13 01:39 – Updated: 2025-04-20 03:35
VLAI
Details

An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-0211"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-12T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka \"Windows OLE Elevation of Privilege Vulnerability.\"",
  "id": "GHSA-9vvv-8533-53p6",
  "modified": "2025-04-20T03:35:51Z",
  "published": "2022-05-13T01:39:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0211"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0211"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41902"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97514"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038240"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9W63-3R8G-CXH8

Vulnerability from github – Published: 2022-12-07 03:30 – Updated: 2022-12-08 18:30
VLAI
Details

ILIAS before 7.16 allows External Control of File Name or Path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-07T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "ILIAS before 7.16 allows External Control of File Name or Path.",
  "id": "GHSA-9w63-3r8g-cxh8",
  "modified": "2022-12-08T18:30:50Z",
  "published": "2022-12-07T03:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45918"
    },
    {
      "type": "WEB",
      "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-ilias-elearning-platform"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/170181/ILIAS-eLearning-7.15-Command-Injection-XSS-LFI-Open-Redirect.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Dec/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9XHG-4CW3-P79R

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:30
VLAI
Details

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application pool.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-17T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in syngo Dynamics (All versions \u003c VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website\u2019s application pool.",
  "id": "GHSA-9xhg-4cw3-p79r",
  "modified": "2024-04-04T05:30:25Z",
  "published": "2023-07-06T19:24:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42891"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-219: XML Routing Detour Attacks

An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.