Total
2367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34747 | 1 Ujcms | 1 Ujcms | 2023-06-22 | N/A | 9.8 CRITICAL |
| File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload. | |||||
| CVE-2022-33166 | 1 Ibm | 1 Security Directory Suite Va | 2023-06-21 | N/A | 7.2 HIGH |
| IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586. | |||||
| CVE-2023-34944 | 1 Chamilo | 1 Chamilo Lms | 2023-06-20 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file. | |||||
| CVE-2023-2063 | 1 Mitsubishielectric | 8 Fx5-enet\/ip, Fx5-enet\/ip Firmware, Rj71eip91 and 5 more | 2023-06-16 | N/A | 7.3 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks. | |||||
| CVE-2023-27881 | 1 Ptc | 1 Vuforia Studio | 2023-06-16 | N/A | 9.9 CRITICAL |
| A user could use the “Upload Resource” functionality to upload files to any location on the disk. | |||||
| CVE-2023-33498 | 1 Alist Project | 1 Alist | 2023-06-13 | N/A | 8.8 HIGH |
| alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file. | |||||
| CVE-2023-29631 | 1 Joommasters | 1 Jms Slider | 2023-06-13 | N/A | 9.8 CRITICAL |
| PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php. | |||||
| CVE-2023-33601 | 1 Phpok | 1 Phpok | 2023-06-13 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2023-28353 | 2 Faronics, Microsoft | 2 Insight, Windows | 2023-06-13 | N/A | 8.8 HIGH |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM. | |||||
| CVE-2023-33569 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2023-06-13 | N/A | 7.2 HIGH |
| Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user. | |||||
| CVE-2018-4834 | 1 Siemens | 10 Pxc001-e.d, Pxc001-e.d Firmware, Pxc00\/50\/100\/200-e.d and 7 more | 2023-06-13 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC00-E.D V6.00 (All versions < V6.0.204), Desigo PXC00/64/128-U V4.10 (All versions < V4.10.111 only with web module), Desigo PXC00/64/128-U V5.00 (All versions < V5.0.171 only with web module), Desigo PXC00/64/128-U V5.10 (All versions < V5.10.69 only with web module), Desigo PXC00/64/128-U V6.00 (All versions < V6.0.204 only with web module), Desigo PXC001-E.D V4.10 (All versions < V4.10.111), Desigo PXC001-E.D V5.00 (All versions < V5.0.171), Desigo PXC001-E.D V5.10 (All versions < V5.10.69), Desigo PXC001-E.D V6.00 (All versions < V6.0.204), Desigo PXC100-E.D V4.10 (All versions < V4.10.111), Desigo PXC100-E.D V5.00 (All versions < V5.0.171), Desigo PXC100-E.D V5.10 (All versions < V5.10.69), Desigo PXC100-E.D V6.00 (All versions < V6.0.204), Desigo PXC12-E.D V4.10 (All versions < V4.10.111), Desigo PXC12-E.D V5.00 (All versions < V5.0.171), Desigo PXC12-E.D V5.10 (All versions < V5.10.69), Desigo PXC12-E.D V6.00 (All versions < V6.0.204), Desigo PXC200-E.D V4.10 (All versions < V4.10.111), Desigo PXC200-E.D V5.00 (All versions < V5.0.171), Desigo PXC200-E.D V5.10 (All versions < V5.10.69), Desigo PXC200-E.D V6.00 (All versions < V6.0.204), Desigo PXC22-E.D V4.10 (All versions < V4.10.111), Desigo PXC22-E.D V5.00 (All versions < V5.0.171), Desigo PXC22-E.D V5.10 (All versions < V5.10.69), Desigo PXC22-E.D V6.00 (All versions < V6.0.204), Desigo PXC22.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC22.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC22.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC22.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC36.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC36.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC36.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC36.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC50-E.D V4.10 (All versions < V4.10.111), Desigo PXC50-E.D V5.00 (All versions < V5.0.171), Desigo PXC50-E.D V5.10 (All versions < V5.10.69), Desigo PXC50-E.D V6.00 (All versions < V6.0.204), Desigo PXM20-E V4.10 (All versions < V4.10.111), Desigo PXM20-E V5.00 (All versions < V5.0.171), Desigo PXM20-E V5.10 (All versions < V5.10.69), Desigo PXM20-E V6.00 (All versions < V6.0.204). A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication. | |||||
| CVE-2023-22450 | 1 Advantech | 1 Webaccess\/scada | 2023-06-12 | N/A | 7.2 HIGH |
| In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution. | |||||
| CVE-2023-32628 | 1 Advantech | 1 Webaccess\/scada | 2023-06-12 | N/A | 9.8 CRITICAL |
| In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. | |||||
| CVE-2021-24499 | 1 Amentotech | 1 Workreap | 2023-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts. | |||||
| CVE-2022-41217 | 1 Hybridsoftware | 1 Cloudflow | 2023-06-11 | N/A | 9.8 CRITICAL |
| Cloudflow contains a unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage. | |||||
| CVE-2020-19028 | 1 Emlog | 1 Emlog | 2023-06-09 | N/A | 7.5 HIGH |
| *File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function. | |||||
| CVE-2023-33386 | 1 Marsctf Project | 1 Marsctf | 2023-06-09 | N/A | 9.8 CRITICAL |
| MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background. | |||||
| CVE-2023-3032 | 1 Mobatime | 1 Mobatime Web Application | 2023-06-09 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server.This issue affects Mobatime web application: through 06.7.22. | |||||
| CVE-2023-28700 | 1 Itpison | 1 Omicard Edm | 2023-06-09 | N/A | 6.8 MEDIUM |
| OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. | |||||
| CVE-2023-28699 | 1 Wddgroup | 1 Fantasy | 2023-06-09 | N/A | 8.8 HIGH |
| Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service. | |||||