Total: 2510 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-29651 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-08-03 | 7.2 High |
An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-29623 | 1 Connect-multiparty Project | 1 Connect-multiparty | 2024-08-03 | 7.8 High |
An arbitrary file upload vulnerability in the file upload module of Connect-Multiparty v2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. | ||||
CVE-2022-29632 | 1 Roncoo | 1 Roncoo-education | 2024-08-03 | 9.8 Critical |
An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file. | ||||
CVE-2022-29637 | 1 Iminho | 1 Mindoc | 2024-08-03 | 7.8 High |
An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. | ||||
CVE-2022-29624 | 1 Tpcms Project | 1 Tpcms | 2024-08-03 | 8.8 High |
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-29353 | 1 Graphql-upload Project | 1 Graphql-upload | 2024-08-03 | 9.8 Critical |
An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename. | ||||
CVE-2022-29347 | 1 Web@rchiv Project | 1 Web@rchiv | 2024-08-03 | 9.8 Critical |
An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. | ||||
CVE-2022-29354 | 1 Keystonejs | 1 Keystone | 2024-08-03 | 9.8 Critical |
An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file. | ||||
CVE-2022-29318 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-08-03 | 7.2 High |
An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-28397 | 1 Ghost | 1 Ghost | 2024-08-03 | 9.8 Critical |
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional | ||||
CVE-2022-27140 | 1 Express-fileupload Project | 1 Express-fileupload | 2024-08-03 | 9.8 Critical |
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload middleware is not responsible for an application's business logic (e.g., determining whether or how a file should be renamed). | ||||
CVE-2022-27139 | 1 Ghost | 1 Ghost | 2024-08-03 | 9.8 Critical |
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute javascript in a client's browser - this is expected and intentional functionality | ||||
CVE-2022-29001 | 1 Springbootmovie Project | 1 Springbootmovie | 2024-08-03 | 7.2 High |
In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in an arbitrary file upload vulnerability. | ||||
CVE-2022-28927 | 1 Subconverter Project | 1 Subconverter | 2024-08-03 | 9.8 Critical |
A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters. | ||||
CVE-2022-28863 | 1 Nokia | 1 Netact | 2024-08-03 | 8.8 High |
An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. | ||||
CVE-2022-28606 | 1 Bosscms | 1 Bosscms | 2024-08-03 | 9.8 Critical |
An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server. | ||||
CVE-2022-28568 | 1 Simple Doctor's Appointment System Project | 1 Simple Doctor's Appointment System | 2024-08-03 | 9.8 Critical |
Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored. | ||||
CVE-2022-28528 | 1 Bloofox | 1 Bloofoxcms | 2024-08-03 | 8.8 High |
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. | ||||
CVE-2022-28525 | 1 Ed01-cms Project | 1 Ed01-cms | 2024-08-03 | 8.8 High |
ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. | ||||
CVE-2022-28440 | 1 Ucms Project | 1 Ucms | 2024-08-03 | 8.8 High |
An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file. |