Total: 2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-47893 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2023-10-04 | N/A | 9.8 CRITICAL | There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, which could allow them to execute arbitrary code as root. |
CVE-2023-44008 | 1 Mojoportal | 1 Mojoportal | 2023-10-04 | N/A | 9.8 CRITICAL | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function. |
CVE-2023-44009 | 1 Mojoportal | 1 Mojoportal | 2023-10-04 | N/A | 9.8 CRITICAL | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function. |
CVE-2023-31857 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2023-10-04 | N/A | 9.8 CRITICAL | Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save. |
CVE-2022-47186 | 1 Generex | 2 Cs141, Cs141 Firmware | 2023-10-03 | N/A | 9.1 CRITICAL | There is an unrestricted upload of file vulnerability in Generex CS141 below version 2.06. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory. |
CVE-2023-38874 | 1 Economizzer | 1 Economizzer | 2023-10-02 | N/A | 8.8 HIGH | A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands. |
CVE-2023-5227 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-10-02 | N/A | 9.8 CRITICAL | Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8. |
CVE-2023-5185 | 1 Projectworlds | 1 Gym Management System Project | 2023-09-29 | N/A | 8.8 HIGH | Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of the profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. |
CVE-2023-43226 | 1 Dedecms | 1 Dedecms | 2023-09-29 | N/A | 8.8 HIGH | An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. |
CVE-2023-42462 | 1 Glpi-project | 1 Glpi | 2023-09-29 | N/A | 9.1 CRITICAL | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. |
CVE-2023-40219 | 1 Collne | 1 Welcart E-commerce | 2023-09-27 | N/A | 7.2 HIGH | Welcart e-Commerce versions 2.7 to 2.8.21 allow a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. |
CVE-2023-39377 | 1 Siberiancms | 1 Siberiancms | 2023-09-27 | N/A | 7.2 HIGH | SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous file type via an unspecified method. |
CVE-2023-41902 | 1 Corecode | 1 Macupdater | 2023-09-26 | N/A | 7.8 HIGH | An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files. |
CVE-2023-40183 | 1 Dataease | 1 Dataease | 2023-09-26 | N/A | 5.3 MEDIUM | DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds. |
CVE-2023-43497 | 1 Jenkins | 1 Jenkins | 2023-09-23 | N/A | 8.1 HIGH | In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. |
CVE-2023-43478 | 1 Telstra | 2 Arcadyan Lh1000, Arcadyan Lh1000 Firmware | 2023-09-22 | N/A | 9.8 CRITICAL | fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root. |
CVE-2023-42335 | 1 Fl3xx | 2 Crew, Dispatch | 2023-09-22 | N/A | 8.8 HIGH | Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component. |
CVE-2023-38887 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2023-09-22 | N/A | 8.8 HIGH | File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. |
CVE-2023-36319 | 1 Openupload Project | 1 Openupload | 2023-09-21 | N/A | 8.8 HIGH | File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file. |
CVE-2023-42180 | 1 Lenosp Project | 1 Lenosp | 2023-09-19 | N/A | 8.8 HIGH | An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute HTML code via a crafted JPG file. |