Total
2510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34578 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2024-08-03 | 7.2 High |
| Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. | ||||
| CVE-2022-34549 | 1 Sims Project | 1 Sims | 2024-08-03 | 8.8 High |
| Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file. | ||||
| CVE-2022-34496 | 1 Hiby | 4 Hiby R3 Pro, Hiby R3 Pro Firmware, Hiby R3 Pro Saber and 1 more | 2024-08-03 | 9.8 Critical |
| Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. | ||||
| CVE-2022-34128 | 1 Glpi-project | 1 Positions | 2024-08-03 | 9.8 Critical |
| The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php. | ||||
| CVE-2022-34120 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-08-03 | 7.2 High |
| Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php. | ||||
| CVE-2022-34115 | 1 Dataease Project | 1 Dataease | 2024-08-03 | 9.8 Critical |
| DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId. | ||||
| CVE-2022-34024 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-08-03 | 7.2 High |
| Barangay Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the resident module editing function at /bmis/pages/resident/resident.php. | ||||
| CVE-2022-32114 | 1 Strapi | 1 Strapi | 2024-08-03 | 8.8 High |
| An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create (upload)" permission is supposed to be able to upload PDF files containing JavaScript, and that all files in a public assets folder are accessible to the outside world (unless the filename begins with a dot character). The administrator can choose to allow only image, video, and audio files (i.e., not PDF) if desired. | ||||
| CVE-2022-31362 | 1 Docebo | 1 Docebo | 2024-08-03 | 8.8 High |
| Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2022-33859 | 1 Eaton | 1 Foreseer Electrical Power Monitoring System | 2024-08-03 | 8.1 High |
| A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html . | ||||
| CVE-2022-33166 | 1 Ibm | 1 Security Directory Suite Va | 2024-08-03 | 7.2 High |
| IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586. | ||||
| CVE-2022-32994 | 1 Halo | 1 Halo | 2024-08-03 | 9.8 Critical |
| Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. | ||||
| CVE-2022-32413 | 1 Dice Project | 1 Dice | 2024-08-03 | 9.8 Critical |
| An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2022-32433 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-08-03 | 7.2 High |
| itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php. | ||||
| CVE-2022-32119 | 1 Arox | 1 School Erp Pro | 2024-08-03 | 8.8 High |
| Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php. | ||||
| CVE-2022-32019 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-08-03 | 9.8 Critical |
| Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car. | ||||
| CVE-2022-31943 | 1 Mingsoft | 1 Mcms | 2024-08-03 | 9.8 Critical |
| MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. | ||||
| CVE-2022-31854 | 1 Codologic | 1 Codoforum | 2024-08-03 | 7.2 High |
| Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. | ||||
| CVE-2022-31374 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2024-08-03 | 9.8 Critical |
| An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file. | ||||
| CVE-2022-31366 | 1 Eve-ng | 1 Eve-ng | 2024-08-03 | 7.2 High |
| An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. | ||||