Total
2510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5488 | 1 Byzoro | 2 Smart S45f, Smart S45f Firmware | 2024-08-02 | 6.3 Medium |
| A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241640. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5492 | 1 Byzoro | 2 Smart S45f, Smart S45f Firmware | 2024-08-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Affected is an unknown function of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241644. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5491 | 1 Byzoro | 2 Smart S45f, Smart S45f Firmware | 2024-08-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This issue affects some unknown processing of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241643. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5360 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-08-02 | 9.8 Critical |
| The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. | ||||
| CVE-2023-5262 | 1 Openrapid | 1 Rapidcms | 2024-08-02 | 6.3 Medium |
| A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Affected by this vulnerability is the function isImg of the file /admin/config/uploadicon.php. The manipulation of the argument fileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240871. | ||||
| CVE-2023-5277 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-08-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240905 was assigned to this vulnerability. | ||||
| CVE-2023-5284 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-08-02 | 6.3 Medium |
| A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file upload_save_student.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240912. | ||||
| CVE-2023-5034 | 1 My Food Recipe Project | 1 My Food Recipe | 2024-08-02 | 6.3 Medium |
| A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. This vulnerability affects unknown code of the file index.php of the component Image Upload Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239878 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-4739 | 1 Byzoro | 2 Smart S85f, Smart S85f Firmware | 2024-08-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Byzoro Smart S85F Management Platform up to 20230820. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238628. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-4536 | 1 Koalaapps | 1 My Account Page Editor | 2024-08-02 | 8.8 High |
| The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to RCE | ||||
| CVE-2023-4559 | 1 Laiketui | 1 Laiketui | 2024-08-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-238160. | ||||
| CVE-2023-4311 | 1 Maurice | 1 Vrm360 | 2024-08-02 | 8.8 High |
| The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. | ||||
| CVE-2023-4409 | 1 Happysoft | 1 Nbs\&happysoftwechat | 2024-08-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237512. | ||||
| CVE-2023-4243 | 1 Full | 1 Full - Customer | 2024-08-02 | 8.8 High |
| The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin. | ||||
| CVE-2023-4226 | 1 Chamilo | 1 Chamilo Lms | 2024-08-02 | 8.8 High |
| Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | ||||
| CVE-2023-4223 | 1 Chamilo | 1 Chamilo Lms | 2024-08-02 | 8.8 High |
| Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | ||||
| CVE-2023-4224 | 1 Chamilo | 1 Chamilo Lms | 2024-08-02 | 8.8 High |
| Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | ||||
| CVE-2023-4186 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-08-02 | 6.3 Medium |
| A vulnerability was found in SourceCodester Pharmacy Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_website.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236221 was assigned to this vulnerability. | ||||
| CVE-2023-4220 | 1 Chamilo | 1 Chamilo Lms | 2024-08-02 | 8.1 High |
| Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. | ||||
| CVE-2023-4225 | 1 Chamilo | 1 Chamilo Lms | 2024-08-02 | 8.8 High |
| Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | ||||