Total: 2500 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-24948 | 1 Autoptimize | 1 Autoptimize | 2024-08-04 | 7.2 High |
The ao_ccss_import AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution. | ||||
CVE-2020-24549 | 1 Openmaint | 1 Openmaint | 2024-08-04 | 8.8 High |
openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underlying web server. | ||||
CVE-2020-24202 | 1 Projectworlds | 1 House Rental And Property Listing Project | 2024-08-04 | 9.8 Critical |
File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. | ||||
CVE-2020-24203 | 1 Projectworlds | 1 Travel Management System | 2024-08-04 | 9.8 Critical |
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | ||||
CVE-2020-24199 | 1 Projectworlds | 1 Car Rental Project | 2024-08-04 | 9.8 Critical |
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. | ||||
CVE-2020-24195 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2024-08-04 | 9.1 Critical |
An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows an authenticated administrator to conduct remote code execution. | ||||
CVE-2020-24196 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2024-08-04 | 7.2 High |
An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows an authenticated admin to conduct remote code execution. | ||||
CVE-2020-24186 | 1 Gvectors | 1 Wpdiscuz | 2024-08-04 | 10 Critical |
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action. | ||||
CVE-2020-23972 | 1 Gmapfp | 1 Gmapfp | 2024-08-04 | 7.5 High |
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files due to unrestricted file upload issues; the upload checks can be bypassed by changing the content-type and giving the file name a double extension. | ||||
CVE-2020-23765 | 1 Bludit | 1 Bludit | 2024-08-04 | 7.2 High |
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server. | ||||
CVE-2020-23828 | 1 Online Course Registration Project | 1 Online Course Registration | 2024-08-04 | 9.8 Critical |
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo. | ||||
CVE-2020-23829 | 1 Librehealth | 1 Librehealth Ehr | 2024-08-04 | 8.8 High |
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image. | ||||
CVE-2020-23790 | 1 Uxper | 1 Golo | 2024-08-04 | 9.8 Critical |
An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v1.1.5. | ||||
CVE-2020-23520 | 1 Txjia | 1 Imcat | 2024-08-04 | 7.2 High |
imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. | ||||
CVE-2020-23564 | 1 Sem-cms | 1 Semcms | 2024-08-04 | 7.2 High |
File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php. | ||||
CVE-2020-23591 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2024-08-04 | 9.8 Critical |
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through "/mgm_dev_upgrade.asp", which can delete every file for Denial of Service (using 'rm -rf *.*' in the code), open a reverse connection (using an '.asp' webshell), or serve as a backdoor. | ||||
CVE-2020-23572 | 1 Beescms | 1 Beescms | 2024-08-04 | 8.8 High |
BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. | ||||
CVE-2020-23138 | 1 Microweber | 1 Microweber | 2024-08-04 | 9.8 Critical |
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (e.g. .exe) to the web server by providing image data and the image/jpeg content type with a .php extension. | ||||
CVE-2020-23083 | 1 Guojusoft | 1 Jeecg | 2024-08-04 | 9.8 Critical |
Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload". | ||||
CVE-2020-23043 | 1 Air Sender Project | 1 Air Sender | 2024-08-04 | 8.8 High |
Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file. |