Filtered by CWE-434
Total 2498 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-19126 1 Prestashop 1 Prestashop 2024-08-05 N/A
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.
CVE-2018-18930 1 Trms 1 Carousel Digital Signage 2024-08-05 8.8 High
The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file (based on an exported backup of existing "Bulletins") containing a malicious file. When uploaded, the system only checks for the presence of the needed files within the ZIP and, as long as the malicious file is named properly, will extract all contained files to a new directory on the system, named with a random GUID. The attacker can determine this GUID by previewing an image from the uploaded Bulletin within the web UI. Once the GUID is determined, the attacker can navigate to the malicious file and execute it. In testing, an ASPX web shell was uploaded, allowing for remote-code execution in the context of a restricted IIS user.
CVE-2018-18942 1 Basercms 1 Basercms 2024-08-05 N/A
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.
CVE-2018-18934 1 Popojicms 1 Popojicms 2024-08-05 N/A
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF.
CVE-2018-18830 1 Mingsoft 1 Mcms 2024-08-05 N/A
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.
CVE-2018-18793 1 School Event Management System Project 1 School Event Management System 2024-08-05 N/A
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
CVE-2018-18563 1 Roche 10 Accu-chek Inform Ii, Accu-chek Inform Ii Firmware, Coaguchek Pro Ii and 7 more 2024-08-05 N/A
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000). Improper access control to a service command allows attackers in the adjacent network to execute arbitrary code on the system through a crafted Poct1-A message.
CVE-2018-18572 1 Oscommerce 1 Oscommerce 2024-08-05 N/A
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.
CVE-2018-18565 1 Roche 10 Accu-chek Inform Ii, Accu-chek Inform Ii Firmware, Coaguchek Pro Ii and 7 more 2024-08-05 N/A
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). A vulnerability in the software update mechanism allows authenticated attackers in the adjacent network to overwrite arbitrary files on the system through a crafted update package.
CVE-2018-18475 1 Zohocorp 1 Manageengine Opmanager 2024-08-05 N/A
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
CVE-2018-18382 1 Coderpixel 1 Advanced Hrm 2024-08-05 N/A
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18315 1 Mossle 1 Lemon 2024-08-05 N/A
com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.
CVE-2018-18086 1 Phome 1 Empirecms 2024-08-05 N/A
EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.
CVE-2018-17936 1 Nuuo 1 Nuuo Cms 2024-08-05 N/A
In NUUO CMS, all versions 3.3 and prior, the application allows the upload of arbitrary files to the server that can modify or overwrite configuration files, which could allow remote code execution.
CVE-2018-17573 1 Smartlogix 1 Wp-insert 2024-08-05 N/A
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html.
CVE-2018-17553 1 Naviwebs 1 Navigate Cms 2024-08-05 N/A
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.
CVE-2018-17442 1 Dlink 1 Central Wifimanager 2024-08-05 N/A
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.
CVE-2018-17440 1 Dlink 1 Central Wifimanager 2024-08-05 N/A
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
CVE-2018-17418 1 Monstra 1 Monstra 2024-08-05 N/A
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.
CVE-2018-17139 1 Ultimatefosters 1 Ultimatepos 2024-08-05 N/A
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.