Total: 2498 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-7705 | 2 Fujian, Mainwww | 2 Mwcms, Mwcms | 2024-09-16 | 4.7 Medium |
A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argument upfile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2018-19562 | 1 Phpok | 1 Phpok | 2024-09-16 | N/A |
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive. | ||||
CVE-2011-10004 | 1 Reciply Project | 1 Reciply | 2024-09-16 | 6.3 Medium |
A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability. | ||||
CVE-2023-44824 | 1 Oretnom23 | 1 Expense Management System | 2024-09-16 | 7.8 High |
An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component. | ||||
CVE-2024-6083 | 1 Phpvibe | 1 Phpvibe | 2024-09-16 | 6.3 Medium |
A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. Affected is an unknown function of the file /app/uploading/upload-mp3.php of the component Media Upload Page. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268824. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-39397 | 1 Adobe | 2 Commerce, Magento | 2024-09-16 | 9 Critical |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed. | ||||
CVE-2022-22375 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-09-13 | 7.2 High |
IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681. | ||||
CVE-2023-34207 | 1 Easyuse | 1 Mailhunter Ultimate | 2024-09-13 | 9.9 Critical |
Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with ‘NT Authority\SYSTEM’ privilege via a crafted ZIP archive. | ||||
CVE-2024-31411 | 2 Apache, Apache Software Foundation | 2 Streampipes, Apache Streampipes | 2024-09-13 | 6 Medium |
Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. | ||||
CVE-2023-45952 | 1 Lylme | 1 Lylme Spage | 2024-09-13 | 9.8 Critical |
An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
CVE-2024-44871 | 1 Mozilo | 1 Mozilocms | 2024-09-13 | 7.2 High |
An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
CVE-2023-46004 | 1 Mayurik | 1 Best Courier Management System | 2024-09-13 | 7.2 High |
Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. | ||||
CVE-2024-31680 | | | 2024-09-13 | 8.8 High |
File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php component. | ||||
CVE-2023-37502 | 1 Hcltech | 1 Hcl Compass | 2024-09-13 | 9 Critical |
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. | ||||
CVE-2022-1206 | 1 Adrotate Banner Manager Project | 1 Adrotate Banner Manager | 2024-09-13 | 7.2 High |
The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present. | ||||
CVE-2023-0651 | 1 Fastcms Project | 1 Fastcms | 2024-09-12 | 6.3 Medium |
A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2023-46428 | 1 Hadsky | 1 Hadsky | 2024-09-12 | 8.8 High |
An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file. | ||||
CVE-2023-45384 | 1 Knowband | 1 Supercheckout | 2024-09-12 | 9.8 Critical |
KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" (supercheckout), a guest can upload files with extensions .php | ||||
CVE-2023-47784 | 1 Themepunch | 1 Slider Revolution | 2024-09-12 | 8.4 High |
Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a through 6.6.15. | ||||
CVE-2023-51928 | 1 Yonyou | 1 Yonbip | 2024-09-12 | 9.8 Critical |
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. |