Total: 2509 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-4096 | 1 Radykal | 1 Fancy Product Designer | 2024-08-03 | 8.8 High |
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5. | ||||
CVE-2021-4080 | 1 Craterapp | 1 Crater | 2024-08-03 | 8.8 High |
crater is vulnerable to Unrestricted Upload of File with Dangerous Type | ||||
CVE-2021-3906 | 1 Bookstackapp | 1 Bookstack | 2024-08-03 | 6.5 Medium |
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type | ||||
CVE-2021-3915 | 1 Bookstackapp | 1 Bookstack | 2024-08-03 | 5.7 Medium |
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type | ||||
CVE-2021-3846 | 1 Firefly-iii | 1 Firefly Iii | 2024-08-03 | 8.8 High |
firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type | ||||
CVE-2021-3745 | 1 Flatcore | 1 Flatcore-cms | 2024-08-03 | 6.6 Medium |
flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type | ||||
CVE-2021-3378 | 1 Fortilogger | 1 Fortilogger | 2024-08-03 | 9.8 Critical |
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp. | ||||
CVE-2021-3277 | 1 Nagios | 1 Nagios Xi | 2024-08-03 | 7.2 High |
Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files. | ||||
CVE-2021-3267 | 1 Kitesky | 1 Kitecms | 2024-08-03 | 7.2 High |
File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function. | ||||
CVE-2021-3164 | 1 Churchdesk | 1 Churchrota | 2024-08-03 | 8.8 High |
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php. | ||||
CVE-2021-3166 | 1 Asus | 2 Dsl-n14u B1, Dsl-n14u B1 Firmware | 2024-08-03 | 7.5 High |
An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in a persistent outage of those services. | ||||
CVE-2021-3120 | 1 Yithemes | 1 Yith Woocommerce Gift Cards | 2024-08-03 | 9.8 Critical |
An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images. | ||||
CVE-2022-48194 | 1 Tp-link | 2 Tl-wr902ac, Tl-wr902ac Firmware | 2024-08-03 | 8.8 High |
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate. | ||||
CVE-2022-48006 | 1 Taogogo | 1 Taocms | 2024-08-03 | 9.8 Critical |
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. | ||||
CVE-2022-48008 | 1 Limesurvey | 1 Limesurvey | 2024-08-03 | 9.8 Critical |
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-47878 | 1 Jedox | 1 Jedox | 2024-08-03 | 8.8 High |
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. | ||||
CVE-2022-47854 | 1 I-librarian | 1 I-librarian | 2024-08-03 | 9.8 Critical |
i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php. | ||||
CVE-2022-47769 | 1 Serinf | 1 Fast Checkin | 2024-08-03 | 9.8 Critical |
An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell. | ||||
CVE-2022-47766 | 1 Popojicms | 1 Popojicms | 2024-08-03 | 8.8 High |
PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability. | ||||
CVE-2022-47615 | 1 Thimpress | 1 Learnpress | 2024-08-03 | 9.3 Critical |
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. |