📦 Hfly

This CVE describes a path traversal vulnerability in baowzh hfly's admin interface that allows remote attackers to delete arbitrary files by manipulating the filename parameter. The vulnerability affe...

This CVE describes a path traversal vulnerability in baowzh hfly's admin interface that allows attackers to read arbitrary files on the server. The vulnerability exists in the /admin/index.php/datafil...

This CVE describes an unrestricted file upload vulnerability in baowzh hfly's upload_json.php component. Attackers can remotely upload malicious files by manipulating the imgFile parameter, potentiall...

This CVE describes a stored cross-site scripting (XSS) vulnerability in the baowzh hfly travel website CMS. Attackers can inject malicious scripts into the advtext module's add functionality, which ar...