Total
2510 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-28372 | 1 Verizon | 4 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware, Lvskihp Outdoorunit and 1 more | 2024-08-03 | 7.5 High |
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file upload to the device. This occurs in /lib/lua/luci/crtc.lua (IDU) and /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh (ODU). | ||||
CVE-2022-28369 | 1 Verizon | 2 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware | 2024-08-03 | 9.8 Critical |
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provide a malicious URL. The data (found at that URL) is written to /usr/sbin/dropbear and then executed as root. | ||||
CVE-2022-28223 | 1 Tekon | 16 Kio, Kio-1m, Kio-1m Firmware and 13 more | 2024-08-03 | 9.1 Critical |
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin. | ||||
CVE-2022-28120 | 1 Rainier | 1 Open Virtual Simulation Experiment Teaching Management Platform | 2024-08-03 | 9.8 Critical |
Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server. | ||||
CVE-2022-28104 | 2 Apple, Foxit | 2 Iphone Os, Pdf Editor | 2024-08-03 | 9.8 Critical |
Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability. | ||||
CVE-2022-28053 | 1 Typemill | 1 Typemill | 2024-08-03 | 8.8 High |
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-27952 | 1 Payloadcms | 1 Payload | 2024-08-03 | 9.8 Critical |
An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file. | ||||
CVE-2022-28021 | 1 Purchase Order Management System Project | 1 Purchase Order Management System | 2024-08-03 | 9.8 Critical |
Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user. | ||||
CVE-2022-28062 | 1 Online Car Rental System Project | 1 Online Car Rental System | 2024-08-03 | 8.8 High |
Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code. | ||||
CVE-2022-27477 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-08-03 | 9.8 Critical |
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. | ||||
CVE-2022-27478 | 1 Victor Cms Project | 1 Victor Cms | 2024-08-03 | 8.8 High |
Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. | ||||
CVE-2022-27261 | 1 Express-fileupload Project | 1 Express-fileupload | 2024-08-03 | 7.5 High |
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. | ||||
CVE-2022-27468 | 1 Monstaftp | 1 Monsta Ftp | 2024-08-03 | 9.8 Critical |
Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. | ||||
CVE-2022-27349 | 1 Socialcodia | 1 Social Codia Sms | 2024-08-03 | 7.2 High |
Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-27435 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2024-08-03 | 8.8 High |
An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component. | ||||
CVE-2022-27352 | 1 Simple House Rental System Project | 1 Simple House Rental System | 2024-08-03 | 8.8 High |
Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-27357 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2024-08-03 | 9.8 Critical |
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-27346 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2024-08-03 | 8.8 High |
Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-27351 | 1 Phpgurukul | 1 Zoo Management System | 2024-08-03 | 9.8 Critical |
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-27249 | 1 Idearespa | 1 Reftree | 2024-08-03 | 8.8 High |
An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource. |