Total
2503 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-42669 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-08-04 | 9.8 Critical |
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing "<?php system($_GET["cmd"]); ?>" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id. | ||||
CVE-2021-42342 | 1 Embedthis | 1 Goahead | 2024-08-04 | 9.8 Critical |
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts. | ||||
CVE-2021-42171 | 1 Tribalsystems | 1 Zenario | 2024-08-04 | 7.2 High |
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth. | ||||
CVE-2021-42123 | 1 Businessdnasolutions | 1 Topease | 2024-08-04 | 7.3 High |
Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks. | ||||
CVE-2021-42133 | 1 Ivanti | 1 Avalanche | 2024-08-04 | 8.1 High |
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. | ||||
CVE-2021-42125 | 1 Ivanti | 1 Avalanche | 2024-08-04 | 8.8 High |
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. | ||||
CVE-2021-42099 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2024-08-04 | 9.8 Critical |
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. | ||||
CVE-2021-41938 | 1 Shopxo | 1 Shopxo | 2024-08-04 | 7.2 High |
An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations. | ||||
CVE-2021-41921 | 1 Xxyopen | 1 Novel-plus | 2024-08-04 | 9.8 Critical |
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. | ||||
CVE-2021-41870 | 1 Socomec | 2 Remote View Pro, Remote View Pro Firmware | 2024-08-04 | 8.8 High |
An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files. | ||||
CVE-2021-41919 | 1 Webtareas Project | 1 Webtareas | 2024-08-04 | 8.8 High |
webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers. | ||||
CVE-2021-41833 | 1 Zohocorp | 1 Manageengine Patch Connect Plus | 2024-08-04 | 9.8 Critical |
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. | ||||
CVE-2021-40905 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-08-04 | 8.8 High |
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner | ||||
CVE-2021-41645 | 1 Oretnom23 | 1 Budget And Expense Tracker System | 2024-08-04 | 8.8 High |
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. . | ||||
CVE-2021-41646 | 1 Online Reviewer System Project | 1 Online Reviewer System | 2024-08-04 | 9.8 Critical |
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.. | ||||
CVE-2021-41745 | 1 Showdoc | 1 Showdoc | 2024-08-04 | 9.8 Critical |
ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions. | ||||
CVE-2021-41675 | 1 E-negosyo System Project | 1 E-negosyo System | 2024-08-04 | 7.2 High |
A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. . | ||||
CVE-2021-41644 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-08-04 | 9.8 Critical |
Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters. | ||||
CVE-2021-41643 | 1 Church Management System Project | 1 Church Management System | 2024-08-04 | 9.8 Critical |
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. | ||||
CVE-2021-41550 | 1 Leostream | 1 Connection Broker | 2024-08-04 | 7.2 High |
Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code. |