Total
2632 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-27179 | 1 Gdidees | 1 Gdidees Cms | 2024-08-02 | 7.5 High |
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /_admin/imgdownload.php. | ||||
CVE-2023-27033 | 1 Cdesigner Project | 1 Cdesigner | 2024-08-02 | 9.8 Critical |
Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). | ||||
CVE-2023-26968 | 1 Atrocore | 1 Atrocore | 2024-08-02 | 9.8 Critical |
In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload. | ||||
CVE-2023-26949 | 1 Onekeyadmin | 1 Onekeyadmin | 2024-08-02 | 9.8 Critical |
An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2023-26857 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2024-08-02 | 7.2 High |
An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2023-26852 | 1 Textpattern | 1 Textpattern | 2024-08-02 | 7.2 High |
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | ||||
CVE-2023-26762 | 1 Smeup | 1 Erp | 2024-08-02 | 8.8 High |
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. | ||||
CVE-2023-26830 | 1 Gladinet | 1 Centrestack | 2024-08-02 | 7.2 High |
An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server. | ||||
CVE-2023-26775 | 1 Monitorr | 1 Monitorr | 2024-08-02 | 7.8 High |
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. | ||||
CVE-2023-26262 | 1 Sitecore | 2 Experience Manager, Experience Platform | 2024-08-02 | 7.2 High |
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, an unrestricted language file upload vulnerability exists that can lead to direct code execution on the content management (CM) server. | ||||
CVE-2023-26098 | 1 Telindus | 1 Apsal | 2024-08-02 | 8.2 High |
An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code. | ||||
CVE-2023-25970 | 1 Zendrop | 1 Zendrop | 2024-08-02 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping. This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | ||||
CVE-2023-25922 | | | 2024-08-02 | 4.3 Medium |
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247621. | ||||
CVE-2023-25909 | 1 Hgiga | 1 Oaklouds Portal | 2024-08-02 | 9.8 Critical |
HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service. | ||||
CVE-2023-25828 | 1 Pluck-cms | 1 Pluck | 2024-08-02 | 7.2 High |
Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High) | ||||
CVE-2023-25655 | 1 Basercms | 1 Basercms | 2024-08-02 | 9.8 Critical |
baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch. | ||||
CVE-2023-25654 | 1 Basercms | 1 Basercms | 2024-08-02 | 9.8 Critical |
baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch. | ||||
CVE-2023-25444 | | | 2024-08-02 | 9.1 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7. | ||||
CVE-2023-25365 | 1 Octobercms | 1 October | 2024-08-02 | 7.8 High |
Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3 | ||||
CVE-2023-25402 | 1 Yf-exam Project | 1 Yf-exam | 2024-08-02 | 7.5 High |
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload. |