Total
2498 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-15139 | 1 Open-emr | 1 Openemr | 2024-08-05 | 8.8 High |
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory. | ||||
CVE-2018-14857 | 1 Ocsinventory-ng | 1 Ocs Inventory Server | 2024-08-05 | N/A |
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. | ||||
CVE-2018-14570 | 1 Niushop | 1 B2b2c Multi-business | 2024-08-05 | N/A |
A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content. This results in arbitrary code execution by requesting that .php file. | ||||
CVE-2018-14334 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-08-05 | N/A |
manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766. | ||||
CVE-2018-13981 | 1 Zeta-producer | 1 Zeta Producer Desktop Cms | 2024-08-05 | N/A |
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related to /assets/php/formmailer/SendEmail.php and /assets/php/formmailer/functions.php. | ||||
CVE-2018-14028 | 1 Wordpress | 1 Wordpress | 2024-08-05 | N/A |
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins. | ||||
CVE-2018-13038 | 1 Opendesa | 1 Opensid | 2024-08-05 | N/A |
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type. | ||||
CVE-2018-13021 | 1 Hongcms Project | 1 Hongcms | 2024-08-05 | N/A |
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. | ||||
CVE-2018-12980 | 1 Wago | 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more | 2024-08-05 | 8.8 High |
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server. | ||||
CVE-2018-12940 | 1 Seeddms | 1 Seeddms | 2024-08-05 | N/A |
Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system commands to the web root of the application. | ||||
CVE-2018-12914 | 1 Publiccms | 1 Publiccms | 2024-08-05 | N/A |
A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI. | ||||
CVE-2018-12528 | 1 Intex | 2 N150, N150 Firmware | 2024-08-05 | N/A |
An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force reboot the router with it. | ||||
CVE-2018-12519 | 1 Codenx | 1 Shopnx | 2024-08-05 | N/A |
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials. | ||||
CVE-2018-12426 | 1 3cx | 1 Live Chat | 2024-08-05 | N/A |
The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type. | ||||
CVE-2018-12256 | 1 Litecart | 1 Litecart | 2024-08-05 | N/A |
admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request. | ||||
CVE-2018-12263 | 1 Portfoliocms Project | 1 Portfoliocms | 2024-08-05 | N/A |
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI. | ||||
CVE-2018-12045 | 1 Dedecms | 1 Dedecms | 2024-08-05 | N/A |
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file. | ||||
CVE-2018-11638 | 1 Dialogic | 1 Powermedia Xms | 2024-08-05 | N/A |
Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution. | ||||
CVE-2018-9157 | 1 Axis | 2 M1033-w, M1033-w Firmware | 2024-08-05 | N/A |
An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality | ||||
CVE-2018-9156 | 1 Axis | 2 P1354, P1354 Firmware | 2024-08-05 | N/A |
An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality |