Total
2510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2744 | 1 Gym Management System Project | 1 Gym Management System | 2024-08-03 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality of the file /admin/add_exercises.php of the component Background Management. The manipulation of the argument exer_img leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206012. | ||||
| CVE-2022-2791 | 1 Emerson | 1 Proficy | 2024-08-03 | 5.9 Medium |
| Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC. | ||||
| CVE-2022-2779 | 1 Gas Agency Management System Project | 1 Gas Agency Management System | 2024-08-03 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Affected by this vulnerability is an unknown functionality of the file /gasmark/assets/myimages/oneWord.php. The manipulation of the argument shell leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206173 was assigned to this vulnerability. | ||||
| CVE-2022-2750 | 1 Company Website Cms Project | 1 Company Website Cms | 2024-08-03 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Affected is an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-206022 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-2736 | 1 Company Website Cms Project | 1 Company Website Cms | 2024-08-03 | 6.3 Medium |
| A vulnerability was found in SourceCodester Company Website CMS. It has been classified as critical. This affects an unknown part of the file /dashboard/updatelogo.php of the component Background Upload Logo Icon. The manipulation of the argument xfile/ufile leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-205881 was assigned to this vulnerability. | ||||
| CVE-2022-2746 | 1 Simple Online Book Store System Project | 1 Simple Online Book Store System | 2024-08-03 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin_ add.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-206014 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-2749 | 1 Gym Management System Project | 1 Gym Management System | 2024-08-03 | 4.7 Medium |
| A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/index.php?view_exercises. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206017 was assigned to this vulnerability. | ||||
| CVE-2022-2751 | 1 Company Website Cms Project | 1 Company Website Cms | 2024-08-03 | 6.3 Medium |
| A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument ufile leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206024. | ||||
| CVE-2022-2740 | 1 Company Website Cms Project | 1 Company Website Cms | 2024-08-03 | 6.3 Medium |
| A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation of the argument ufile leads to unrestricted upload. The attack can be initiated remotely. VDB-205882 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-2694 | 1 Company Website Cms Project | 1 Company Website Cms | 2024-08-03 | 6.3 Medium |
| A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205817 was assigned to this vulnerability. | ||||
| CVE-2022-2647 | 1 Jeecg | 1 Jeecg Boot | 2024-08-03 | 7.3 High |
| A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-2678 | 1 Alphaware E-commerce System Project | 1 Alphaware E-commerce System | 2024-08-03 | 6.3 Medium |
| A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205666 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-2594 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2024-08-03 | 8.8 High |
| The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release. | ||||
| CVE-2022-2418 | 1 Eveo | 1 Urve Web Manager | 2024-08-03 | 8 High |
| A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/img_upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-2420 | 1 Eveo | 1 Urve Web Manager | 2024-08-03 | 8 High |
| A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file _internal/uploader.php. The manipulation leads to unrestricted upload. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-2419 | 1 Eveo | 1 Urve Web Manager | 2024-08-03 | 8 High |
| A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-2356 | 1 Mediajedi | 1 User Private Files | 2024-08-03 | 8.8 High |
| The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. | ||||
| CVE-2022-2268 | 1 Soflyy | 1 Wp All Import | 2024-08-03 | 7.2 High |
| The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE | ||||
| CVE-2022-2180 | 1 Greyd | 1 Greyd.suite | 2024-08-03 | 9.8 Critical |
| The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution (RCE). | ||||
| CVE-2022-2212 | 1 Library Management System Project | 1 Library Management System | 2024-08-03 | 6.3 Medium |
| A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||