Total
2510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24254 | 1 Extensis | 1 Portfolio | 2024-08-03 | 8.8 High |
| An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. | ||||
| CVE-2022-24136 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-08-03 | 9.8 Critical |
| Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. | ||||
| CVE-2022-23906 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-08-03 | 7.2 High |
| CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. | ||||
| CVE-2022-23880 | 1 Taogogo | 1 Taocms | 2024-08-03 | 9.8 Critical |
| An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-23390 | 1 Diyhi | 1 Bbs Forum | 2024-08-03 | 9.8 Critical |
| An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files. | ||||
| CVE-2022-23329 | 1 Ujcms | 1 Jspxcms | 2024-08-03 | 9.8 Critical |
| A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | ||||
| CVE-2022-23375 | 1 Wikidocs | 1 Wikidocs | 2024-08-03 | 8.8 High |
| WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php. | ||||
| CVE-2022-23315 | 1 Mingsoft | 1 Mcms | 2024-08-03 | 9.8 Critical |
| MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. | ||||
| CVE-2022-23346 | 1 Bigantsoft | 1 Bigant Server | 2024-08-03 | 8.8 High |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. | ||||
| CVE-2022-23048 | 1 Exponentcms | 1 Exponent Cms | 2024-08-03 | 7.2 High |
| Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands. | ||||
| CVE-2022-23043 | 1 Tribalsystems | 1 Zenario | 2024-08-03 | 7.2 High |
| Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server. | ||||
| CVE-2022-23026 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Acceleration Manager | 2024-08-03 | 4.3 Medium |
| On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-22952 | 2 Microsoft, Vmware | 2 Windows, Carbon Black App Control | 2024-08-03 | 9.1 Critical |
| VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file. | ||||
| CVE-2022-22929 | 1 Mingsoft | 1 Mcms | 2024-08-03 | 9.8 Critical |
| MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. | ||||
| CVE-2022-4949 | 2 Adsanityplugin, Xen | 2 Adsanity, Xen | 2024-08-03 | 8.8 High |
| The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on the affected sites server which makes remote code execution possible. | ||||
| CVE-2022-4732 | 1 Microweber | 1 Microweber | 2024-08-03 | 7.2 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. | ||||
| CVE-2022-4665 | 1 Ampache | 1 Ampache | 2024-08-03 | 8.8 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6. | ||||
| CVE-2022-4506 | 1 Open-emr | 1 Openemr | 2024-08-03 | 8.8 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
| CVE-2022-4276 | 1 House Rental System Project | 1 House Rental System | 2024-08-03 | 6.3 Medium |
| A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772. | ||||
| CVE-2022-4232 | 1 Rinvizle | 1 Event Registration System | 2024-08-03 | 4.7 Medium |
| A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability. | ||||