Total
2494 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43269 | 1 Pigcms | 1 Pigcms | 2024-09-19 | 9.8 Critical |
| pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability. | ||||
| CVE-2023-4097 | 1 Qsige | 1 Qsige | 2024-09-19 | 8.8 High |
| The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username. | ||||
| CVE-2023-4817 | 1 Icpdas | 2 Et-7060, Et-7060 Firmware | 2024-09-19 | 7.2 High |
| This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device. | ||||
| CVE-2024-46373 | 1 Dedecms | 1 Dedecms | 2024-09-19 | 8.8 High |
| Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. | ||||
| CVE-2023-43321 | 1 Dcnetworks | 2 Dcfw-1800-sdc, Dcfw-1800-sdc Firmware | 2024-09-19 | 8.8 High |
| File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component. | ||||
| CVE-2023-44061 | 1 Simple And Nice Shopping Cart Script Project | 1 Simple And Nice Shopping Cart Script | 2024-09-19 | 8.8 High |
| File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. | ||||
| CVE-2024-46377 | 1 Sourcecodester | 1 Best House Rental Management System | 2024-09-19 | 9.8 Critical |
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php. | ||||
| CVE-2023-45353 | 1 Atos | 1 Unify Openscape Common Management | 2024-09-19 | 8.8 High |
| Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. This is also known as OCMP-6591. | ||||
| CVE-2024-29848 | 1 Ivanti | 1 Avalanche | 2024-09-19 | N/A |
| An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-27115 | 2 Simple Online Planning, Soplanning | 2 So Planning, Soplanning | 2024-09-18 | 9.8 Critical |
| A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02. | ||||
| CVE-2023-43696 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-09-18 | 8.2 High |
| Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. | ||||
| CVE-2023-38098 | 1 Netgear | 1 Prosafe Network Management System | 2024-09-18 | N/A |
| NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19720. | ||||
| CVE-2023-38095 | 2024-09-18 | N/A | ||
| NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19717. | ||||
| CVE-2023-44962 | 1 Koha-community | 1 Koha Library Software | 2024-09-18 | 5.3 Medium |
| File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component. | ||||
| CVE-2024-8242 | 1 Inspireui | 1 Mstore Api | 2024-09-18 | 4.3 Medium |
| The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files (not including PHP files) on the affected site's server which may make remote code execution possible. This can be paired with a registration endpoint for unauthenticated users to exploit the issue. | ||||
| CVE-2024-45398 | 1 Contao | 1 Contao | 2024-09-18 | 8.3 High |
| Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory. | ||||
| CVE-2024-6595 | 1 Gitlab | 1 Gitlab | 2024-09-17 | 3 Low |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data. | ||||
| CVE-2023-45856 | 1 Qdpm | 1 Qdpm | 2024-09-17 | 9.8 Critical |
| qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI. | ||||
| CVE-2023-5790 | 1 Remyandrade | 1 File Manager App | 2024-09-17 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595. | ||||
| CVE-2021-32538 | 1 Artware Cms Project | 1 Artware Cms | 2024-09-17 | 9.8 Critical |
| ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly. | ||||