Total
2510 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-26262 | 1 Sitecore | 2 Experience Manager, Experience Platform | 2024-08-02 | 7.2 High |
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, an unrestricted language file upload vulnerability exists that can lead to direct code execution on the content management (CM) server. | ||||
CVE-2023-26098 | 1 Telindus | 1 Apsal | 2024-08-02 | 8.2 High |
An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code. | ||||
CVE-2023-25970 | 1 Zendrop | 1 Zendrop | 2024-08-02 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping. This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | ||||
CVE-2023-25922 | | | 2024-08-02 | 4.3 Medium |
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247621. | ||||
CVE-2023-25909 | 1 Hgiga | 1 Oaklouds Portal | 2024-08-02 | 9.8 Critical |
HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service. | ||||
CVE-2023-25828 | 1 Pluck-cms | 1 Pluck | 2024-08-02 | 7.2 High |
Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High) | ||||
CVE-2023-25655 | 1 Basercms | 1 Basercms | 2024-08-02 | 9.8 Critical |
baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch. | ||||
CVE-2023-25654 | 1 Basercms | 1 Basercms | 2024-08-02 | 9.8 Critical |
baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch. | ||||
CVE-2023-25444 | | | 2024-08-02 | 9.1 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7. | ||||
CVE-2023-25365 | 1 Octobercms | 1 October | 2024-08-02 | 7.8 High |
Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows a local attacker to execute arbitrary code via the file type .mp3. | ||||
CVE-2023-25402 | 1 Yf-exam Project | 1 Yf-exam | 2024-08-02 | 7.5 High |
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload. | ||||
CVE-2023-25132 | 1 Cyberpower | 1 Powerpanel | 2024-08-02 | 9.1 Critical |
Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operating system commands via unspecified vectors. | ||||
CVE-2023-24610 | 1 Nosh Chartingsystem Project | 1 Nosh Chartingsystem | 2024-08-02 | 8.8 High |
NOSH 4a5cfdb allows remote authenticated users to execute arbitrary PHP code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting. | ||||
CVE-2023-24720 | 1 Readium | 1 Readium-js | 2024-08-02 | 9.8 Critical |
An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file. | ||||
CVE-2023-24646 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-08-02 | 9.8 Critical |
An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2023-24530 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-02 | 8.4 High |
SAP BusinessObjects Business Intelligence Platform (CMC), versions 420 and 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application, causing high impact on confidentiality, integrity and availability of the application. | ||||
CVE-2023-24507 | 1 Agilepoint | 1 Agilepoint Nx | 2024-08-02 | 8.8 High |
AgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request. | ||||
CVE-2023-24517 | 1 Pandorafms | 1 Pandora Fms | 2024-08-02 | 6.4 Medium |
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component allows an attacker to make use of this issue (unrestricted file upload) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms. | ||||
CVE-2023-24269 | 1 Textpattern | 1 Textpattern | 2024-08-02 | 8.8 High |
An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file. | ||||
CVE-2023-24317 | 1 Judging Management System Project | 1 Judging Management System | 2024-08-02 | 8.1 High |
Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. |