Total
2510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50692 | 1 Jizhicms | 1 Jizhicms | 2024-08-02 | 8.8 High |
| File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | ||||
| CVE-2023-50564 | 1 Pluck-cms | 1 Pluck | 2024-08-02 | 8.8 High |
| An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. | ||||
| CVE-2023-50386 | 1 Apache | 1 Solr | 2024-08-02 | 8.8 High |
| Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader. | ||||
| CVE-2023-50104 | 1 Zzcms | 1 Zzcms | 2024-08-02 | 9.8 Critical |
| ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. | ||||
| CVE-2023-50038 | 1 Textpattern | 1 Textpattern | 2024-08-02 | 8.8 High |
| There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions. | ||||
| CVE-2023-49715 | 1 Wwbn | 1 Avideo | 2024-08-02 | 4.3 Medium |
| A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability. | ||||
| CVE-2023-49814 | 1 Symbiostock | 1 Symbiostock | 2024-08-02 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock.This issue affects Symbiostock: from n/a through 6.0.0. | ||||
| CVE-2023-48965 | 1 Thinkadmin | 1 Thinkadmin | 2024-08-02 | 8.8 High |
| An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. | ||||
| CVE-2023-48966 | 1 Thinkadmin | 1 Thinkadmin | 2024-08-02 | 8.8 High |
| An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. | ||||
| CVE-2023-49052 | 1 Microweber | 1 Microweber | 2024-08-02 | 8.8 High |
| File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component. | ||||
| CVE-2023-48930 | 1 Rockoa | 1 Xinhu | 2024-08-02 | 9.8 Critical |
| xinhu xinhuoa 2.2.1 contains a File upload vulnerability. | ||||
| CVE-2023-48371 | 1 Itpison | 1 Omicard Edm | 2024-08-02 | 9.8 Critical |
| ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. | ||||
| CVE-2023-48394 | 1 Kaifa | 1 Webitr Attendance System | 2024-08-02 | 8.8 High |
| Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service. | ||||
| CVE-2023-48376 | 1 Csharp | 1 Cws Collaborative Development Platform | 2024-08-02 | 9.8 Critical |
| SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service. | ||||
| CVE-2023-47706 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2024-08-02 | 6.6 Medium |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341. | ||||
| CVE-2023-47711 | 2024-08-02 | 2.7 Low | ||
| IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: 271526. | ||||
| CVE-2023-46808 | 1 Ivanti | 1 Neurons For Itsm | 2024-08-02 | 9.9 Critical |
| An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user. | ||||
| CVE-2023-46694 | 2024-08-02 | 8.1 High | ||
| Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality. | ||||
| CVE-2023-46474 | 1 Sigb | 1 Pmb | 2024-08-02 | 7.2 High |
| File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. | ||||
| CVE-2023-46263 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-02 | 9.8 Critical |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. | ||||