Total
2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-4436 | 1 Wp3dprinting | 1 3dprint Lite | 2024-02-10 | N/A | 9.8 CRITICAL |
The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, there is a .htaccess, preventing the file from being accessed on Web servers such as Apache. | |||||
CVE-2023-6846 | 1 Filemanagerpro | 1 File Manager Pro | 2024-02-09 | N/A | 8.8 HIGH |
The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function. | |||||
CVE-2024-1069 | 1 Crmperks | 1 Database For Contact Form 7, Wpforms, Elementor Forms | 2024-02-06 | N/A | 7.2 HIGH |
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
CVE-2023-31505 | 1 Schlix | 1 Cms | 2024-02-06 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1 allows remote authenticated attackers to execute arbitrary code and obtain sensitive information via a crafted .phtml file. | |||||
CVE-2023-6675 | 1 Nationalkeep | 1 Cybermath | 2024-02-06 | N/A | 9.8 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server. This issue affects CyberMath: from v.1.4 before v.1.5. | |||||
CVE-2021-41645 | 1 Oretnom23 | 1 Budget And Expense Tracker System | 2024-02-03 | 6.5 MEDIUM | 8.8 HIGH |
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. | |||||
CVE-2024-22550 | 1 Shopsite | 1 Shopsite | 2024-02-02 | N/A | 6.1 MEDIUM |
An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. | |||||
CVE-2005-0254 | 1 Guillaumegardey | 1 Biborb | 2024-02-02 | 4.3 MEDIUM | N/A |
BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files. | |||||
CVE-2024-20272 | 1 Cisco | 1 Unity Connection | 2024-02-02 | N/A | 9.8 CRITICAL |
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root. | |||||
CVE-2024-23630 | 1 Motorola | 2 Mr2600, Mr2600 Firmware | 2024-02-01 | 7.7 HIGH | 8.8 HIGH |
An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required; however, it can be bypassed. | |||||
CVE-2022-4232 | 1 Rinvizle | 1 Event Registration System | 2024-02-01 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability. | |||||
CVE-2023-52324 | 1 Trendmicro | 1 Apex Central | 2024-01-30 | N/A | 8.8 HIGH |
An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code. | |||||
CVE-2024-22152 | 1 Webtoffee | 1 Product Import Export For Woocommerce | 2024-01-30 | N/A | 7.2 HIGH |
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7. | |||||
CVE-2024-22135 | 1 Webtoffee | 1 Order Export & Order Import For Woocommerce | 2024-01-30 | N/A | 7.2 HIGH |
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce. This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3. | |||||
CVE-2023-52221 | 1 Ukrsolution | 1 Barcode Scanner And Inventory Manager | 2024-01-30 | N/A | 9.8 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1. | |||||
CVE-2002-1841 | 1 Noguska | 1 Nola | 2024-01-26 | 5.0 MEDIUM | N/A |
The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4. | |||||
CVE-2001-0901 | 1 Hypermail Development | 1 Hypermail | 2024-01-26 | 7.5 HIGH | N/A |
Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment. | |||||
CVE-2024-22895 | 1 Dedecms | 1 Dedecms | 2024-01-26 | N/A | 8.8 HIGH |
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. | |||||
CVE-2004-2262 | 1 E107 | 1 E107 | 2024-01-26 | 7.5 HIGH | N/A |
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php. | |||||
CVE-2005-1868 | 1 Yvesglodt | 1 I-man | 2024-01-26 | 7.5 HIGH | N/A |
I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension. |