Total
2498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8463 | 1 Phpgurukul | 1 Job Portal | 2024-09-12 | 9.9 Critical |
| File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. | ||||
| CVE-2024-6311 | 1 Funnelforms | 1 Funnelforms Free | 2024-09-12 | 7.2 High |
| The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2020-36706 | 1 Simple-press | 1 Simple\ | 2024-09-12 | 9.8 Critical |
| The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | ||||
| CVE-2024-42375 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-09-12 | 4.3 Medium |
| SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. | ||||
| CVE-2024-8232 | 1 Spidercontrol | 1 Scada Webserver | 2024-09-12 | 7.5 High |
| SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication. | ||||
| CVE-2024-7500 | 2 Angeljudesuarez, Itsourcecode | 2 Airline Reservation System, Airline Reservation System | 2024-09-11 | 6.3 Medium |
| A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been rated as critical. Affected by this issue is the function save_settings of the file admin/admin_class.php. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273626 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-7506 | 2 Angeljudesuarez, Itsourcecode | 2 Tailoring Management System, Tailoring Management System | 2024-09-11 | 6.3 Medium |
| A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setlogo.php. The manipulation of the argument bgimg leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273649 was assigned to this vulnerability. | ||||
| CVE-2023-45554 | 1 Zzzcms | 1 Zzzcms | 2024-09-11 | 9.8 Critical |
| File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. | ||||
| CVE-2023-45555 | 1 Zzzcms | 1 Zzzcms | 2024-09-11 | 7.8 High |
| File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. | ||||
| CVE-2024-41731 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-09-11 | 3.1 Low |
| SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. | ||||
| CVE-2023-26578 | 1 Idattend | 1 Idweb | 2024-09-10 | 8.8 High |
| Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. | ||||
| CVE-2022-30216 | 1 Microsoft | 9 Windows 10, Windows 10 20h2, Windows 10 21h1 and 6 more | 2024-09-10 | 8.8 High |
| Windows Server Service Tampering Vulnerability | ||||
| CVE-2024-7770 | 1 Bitpressadmin | 1 Bit File Manager Wordpress | 2024-09-10 | 8.8 High |
| The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted upload permissions by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2023-51034 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-09-09 | 9.8 Critical |
| TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. | ||||
| CVE-2024-34021 | 1 Elecom | 4 Wrc-2533gs2-b Firmware, Wrc-2533gs2-w Firmware, Wrc-2533gs2v-b Firmware and 1 more | 2024-09-09 | 6.8 Medium |
| Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution. | ||||
| CVE-2024-44849 | 1 Qualitor | 1 Qalitor | 2024-09-09 | 9.8 Critical |
| Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php. | ||||
| CVE-2023-5795 | 1 Martmbithi | 1 Pos System | 2024-09-09 | 6.3 Medium |
| A vulnerability was found in CodeAstro POS System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profil of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243601 was assigned to this vulnerability. | ||||
| CVE-2023-5796 | 1 Martmbithi | 1 Pos System | 2024-09-09 | 6.3 Medium |
| A vulnerability was found in CodeAstro POS System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /setting of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243602 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-46815 | 1 Sugarcrm | 1 Sugarcrm | 2024-09-09 | 8.8 High |
| An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this. | ||||
| CVE-2024-34692 | 1 Sap | 1 Enable Now | 2024-09-09 | 3.3 Low |
| Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. These files include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker can cause limited impact on confidentiality and Integrity of the application. | ||||