Total
2510 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-31215 | 1 Amadercode | 1 Dropshipping \& Affiliation With Amazon | 2024-08-02 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon.This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2. | ||||
CVE-2023-31090 | 2024-08-02 | 9.9 Critical | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.60. | ||||
CVE-2023-30791 | 1 Plane | 1 Plane | 2024-08-02 | 7.1 High |
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. | ||||
CVE-2023-30613 | 1 Kiwitcms | 1 Kiwi Tcms | 2024-08-02 | 8.1 High |
Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer. Kiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default `.exe` are denied. Other files containing the `<script>` tag, regardless of their type are also denied b/c they are a path to XSS attacks. There are no known workarounds aside from upgrading. | ||||
CVE-2023-30333 | 1 Perfree | 1 Perfreeblog | 2024-08-02 | 9.8 Critical |
An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file. | ||||
CVE-2023-30185 | 1 Crmeb | 1 Crmeb | 2024-08-02 | 9.8 Critical |
CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php. | ||||
CVE-2023-30264 | 1 Cltphp | 1 Cltphp | 2024-08-02 | 9.8 Critical |
CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. | ||||
CVE-2023-30247 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2024-08-02 | 9.8 Critical |
File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. | ||||
CVE-2023-30122 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-08-02 | 9.8 Critical |
An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
CVE-2023-30266 | 1 Cltphp | 1 Cltphp | 2024-08-02 | 8.8 High |
CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. | ||||
CVE-2023-30090 | 1 Sem-cms | 1 Semcms | 2024-08-02 | 9.8 Critical |
Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
CVE-2023-29930 | 1 Genesys | 1 Tftp Server | 2024-08-02 | 8.8 High |
An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page. | ||||
CVE-2023-29721 | 1 Sofawiki Project | 1 Sofawiki | 2024-08-02 | 9.8 Critical |
SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution. | ||||
CVE-2023-29631 | 1 Joommasters | 1 Jms Slider | 2024-08-02 | 9.8 Critical |
PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php. | ||||
CVE-2023-29657 | 1 Extplorer | 1 Extplorer | 2024-08-02 | 8.8 High |
eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions. | ||||
CVE-2023-29770 | 1 Sapplica | 1 Sentrifugo | 2024-08-02 | 8.8 High |
In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. | ||||
CVE-2023-29635 | 1 Antabot White-jotter Project | 1 Antabot White-jotter | 2024-08-02 | 9.8 Critical |
File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload. | ||||
CVE-2023-29625 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2024-08-02 | 8.8 High |
Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. | ||||
CVE-2023-29621 | 1 Purchase Order Management Project | 1 Purchase Order Management | 2024-08-02 | 8.8 High |
Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. | ||||
CVE-2023-29627 | 1 Online Pizza Ordering Project | 1 Online Pizza Ordering | 2024-08-02 | 8.8 High |
Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. |