Total: 2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-33253 | 1 Agilebio | 1 Labcollector | 2023-07-21 | N/A | 8.8 HIGH | LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.
CVE-2022-0950 | 1 Showdoc | 1 Showdoc | 2023-07-21 | 3.5 LOW | 5.4 MEDIUM | Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2023-34126 | 1 Sonicwall | 2 Analytics, Global Management System | 2023-07-20 | N/A | 8.8 HIGH | Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
CVE-2023-37656 | 1 Websiteguide Project | 1 Websiteguide | 2023-07-18 | N/A | 9.8 CRITICAL | WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload.
CVE-2021-34619 | 1 Storeapps | 1 Stock Manager For Woocommerce | 2023-07-18 | 6.8 MEDIUM | 8.8 HIGH | The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.
CVE-2023-34193 | 1 Zimbra | 1 Collaboration | 2023-07-12 | N/A | 8.8 HIGH | File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.
CVE-2020-21861 | 1 Duxcms Project | 1 Duxcms | 2023-07-12 | N/A | 8.8 HIGH | File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary PHP code via duxcms/AdminUpload/upload.
CVE-2023-36809 | 1 Kiwitcms | 1 Kiwi Tcms | 2023-07-12 | N/A | 5.4 MEDIUM | Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed directly. The previous Nginx configuration was incorrect, allowing certain browsers like Firefox to ignore the `Content-Type: text/plain` header on some occasions, thus allowing potentially dangerous scripts to be executed. Additionally, file upload validators and parts of the HTML rendering code had been found to require additional sanitation and improvements. Version 12.5 fixes this vulnerability with updated Nginx content type configuration, improved file upload validation code to prevent more potentially dangerous uploads, and sanitization of test plan names used in the `tree_view_html()` function.
CVE-2023-36969 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-07-12 | N/A | 8.8 HIGH | CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
CVE-2020-22153 | 1 Thedaylightstudio | 1 Fuel Cms | 2023-07-11 | N/A | 9.8 CRITICAL | File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
CVE-2023-34736 | 1 Guantang Equipment Management System Project | 1 Guantang Equipment Management System | 2023-07-10 | N/A | 7.2 HIGH | Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload.
CVE-2020-18432 | 1 Sem-cms | 1 Semcms | 2023-07-07 | N/A | 9.8 CRITICAL | File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges.
CVE-2023-3491 | 1 Fossbilling | 1 Fossbilling | 2023-07-07 | N/A | 8.8 HIGH | Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.
CVE-2023-32621 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2023-07-06 | N/A | 7.2 HIGH | WL-WN531AX2 firmware versions prior to 2023526 allow an attacker with administrative privilege to upload arbitrary files and execute OS commands with root privilege.
CVE-2023-34738 | 1 Chemex | 1 Chemex | 2023-07-06 | N/A | 9.8 CRITICAL | Chemex through 3.7.1 is vulnerable to arbitrary file upload.
CVE-2022-44276 | 1 Tecrail | 1 Responsive Filemanager | 2023-07-05 | N/A | 9.8 CRITICAL | In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions, resulting in RCE.
CVE-2023-33404 | 1 Blogengine | 1 Blogengine.net | 2023-07-05 | N/A | 9.8 CRITICAL | An Unrestricted Upload vulnerability, due to insufficient validation in the UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code.
CVE-2020-20210 | 1 Bludit | 1 Bludit | 2023-07-05 | N/A | 8.8 HIGH | Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
CVE-2023-32752 | 1 L7-networks | 2 Instantqos, Instantscan | 2023-07-03 | N/A | 9.8 CRITICAL | L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
CVE-2023-36630 | 1 Mgt-commerce | 1 Cloudpanel | 2023-07-03 | N/A | 8.8 HIGH | In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.