Total
2510 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-45527 | 1 Institutional Management Website Project | 1 Institutional Management Website | 2024-08-03 | 9.8 Critical |
File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory. | ||||
CVE-2022-45548 | 1 Ayacms Project | 1 Ayacms | 2024-08-03 | 8.8 High |
AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. | ||||
CVE-2022-45476 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2024-08-03 | 9.8 Critical |
Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload. | ||||
CVE-2022-44036 | 1 B2evolution | 1 B2evolution Cms | 2024-08-03 | 7.2 High |
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it." | ||||
CVE-2022-45377 | 1 Codedropz | 1 Drag And Drop Multiple File Upload For Woocommerce | 2024-08-03 | 6.5 Medium |
Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce.This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8. | ||||
CVE-2022-45427 | 1 Dahuasecurity | 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more | 2024-08-03 | 7.2 High |
Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files. | ||||
CVE-2022-45338 | 1 Exactsoftware | 1 Exact Synergy | 2024-08-03 | 7.8 High |
An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file. | ||||
CVE-2022-45275 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2024-08-03 | 7.2 High |
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-45359 | 1 Yithemes | 1 Yith Woocommerce Gift Cards | 2024-08-03 | 9.8 Critical |
Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. | ||||
CVE-2022-45039 | 1 Wbce | 1 Wbce Cms | 2024-08-03 | 7.2 High |
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-45009 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2024-08-03 | 7.2 High |
Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-44401 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2024-08-03 | 9.8 Critical |
Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php. | ||||
CVE-2022-44384 | 1 Rconfig | 1 Rconfig | 2024-08-03 | 8.8 High |
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-44400 | 1 Purchase Order Management System Project | 1 Purchase Order Management System | 2024-08-03 | 9.8 Critical |
Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info. | ||||
CVE-2022-44354 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2024-08-03 | 9.8 Critical |
SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. | ||||
CVE-2022-44053 | 1 Democritus | 1 D8s-networking | 2024-08-03 | 9.8 Critical |
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0. | ||||
CVE-2022-44054 | 1 Democritus | 1 D8s-xml | 2024-08-03 | 9.8 Critical |
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0. | ||||
CVE-2022-44051 | 1 Democritus | 1 D8s-stats | 2024-08-03 | 9.8 Critical |
The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0. | ||||
CVE-2022-44289 | 1 Thinkphp | 1 Thinkphp | 2024-08-03 | 8.8 High |
Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell. | ||||
CVE-2022-44276 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-03 | 9.8 Critical |
In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE. |