Total
2367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22504 | 1 Atlassian | 1 Confluence Server | 2023-06-07 | N/A | 6.5 MEDIUM |
| Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature. | |||||
| CVE-2023-32689 | 1 Parseplatform | 1 Parse-server | 2023-06-06 | N/A | 6.5 MEDIUM |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the the uploaded HTML could be shared for phishing attacks. The HTML page may seem legitimate because it is served under the internet domain where Parse Server is hosted, which may be the same as a company's official website domain. An additional security issue arises when the Parse JavaScript SDK is used. The SDK stores sessions in the internet browser's local storage, which usually restricts data access depending on the internet domain. A malicious HTML file could contain a script that retrieves the user's session token from local storage and then share it with the attacker. The fix included in versions 5.4.4 and 6.1.1 adds a new Parse Server option `fileUpload.fileExtensions` to restrict file upload on Parse Server by file extension. It is recommended to restrict file upload for HTML file extensions, which this fix disables by default. If an app requires upload of files with HTML file extensions, the option can be set to `['.*']` or another custom value to override the default. | |||||
| CVE-2023-33508 | 1 Kramerav | 2 Via Go2, Via Go2 Firmware | 2023-06-06 | N/A | 9.8 CRITICAL |
| KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). | |||||
| CVE-2023-32686 | 1 Kiwitcms | 1 Kiwi Tcms | 2023-06-02 | N/A | 5.4 MEDIUM |
| Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded. The upload validation checks were not robust enough which left the possibility of an attacker to circumvent them and upload a potentially dangerous file. Exploiting this flaw, a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. This issue has been patched in version 12.3. | |||||
| CVE-2023-0455 | 1 Bumsys Project | 1 Bumsys | 2023-06-01 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta. | |||||
| CVE-2023-29721 | 1 Sofawiki Project | 1 Sofawiki | 2023-06-01 | N/A | 9.8 CRITICAL |
| SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution. | |||||
| CVE-2023-28409 | 1 Mw Wp Form Project | 1 Mw Wp Form | 2023-05-30 | N/A | 9.8 CRITICAL |
| Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. | |||||
| CVE-2023-27397 | 1 Microengine | 1 Mailform | 2023-05-30 | N/A | 9.8 CRITICAL |
| Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. | |||||
| CVE-2023-31689 | 1 Wcms | 1 Wcms | 2023-05-27 | N/A | 9.8 CRITICAL |
| In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution. | |||||
| CVE-2022-1329 | 1 Elementor | 1 Website Builder | 2023-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2. | |||||
| CVE-2021-34623 | 1 Properfraction | 1 Profilepress | 2023-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. . | |||||
| CVE-2021-34624 | 1 Properfraction | 1 Profilepress | 2023-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. . | |||||
| CVE-2019-11185 | 1 3cx | 1 Live Chat | 2023-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file extension, and prepending "magic bytes" to the payload to pass MIME checks. Specifically, an unauthenticated remote user submits a crafted file upload POST request to the REST api remote_upload endpoint. The file contains data that will fool the plugin's MIME check into classifying it as an image (which is a whitelisted file extension) and finally a trailing .phtml file extension. | |||||
| CVE-2023-30333 | 1 Perfree | 1 Perfreeblog | 2023-05-25 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2023-31903 | 1 Freeguppy | 1 Guppy | 2023-05-25 | N/A | 9.8 CRITICAL |
| GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file. | |||||
| CVE-2023-29930 | 1 Genesys | 1 Tftp Server | 2023-05-24 | N/A | 8.8 HIGH |
| An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page. | |||||
| CVE-2023-31576 | 1 S9y | 1 Serendipity | 2023-05-23 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file. | |||||
| CVE-2023-1731 | 1 Meinbergglobal | 7 Lantime Firmware, Lantime M100, Lantime M200 and 4 more | 2023-05-23 | N/A | 7.2 HIGH |
| In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands. | |||||
| CVE-2023-29657 | 1 Extplorer | 1 Extplorer | 2023-05-22 | N/A | 8.8 HIGH |
| eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions. | |||||
| CVE-2021-34076 | 1 Phpok | 1 Phpok | 2023-05-19 | N/A | 8.8 HIGH |
| File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | |||||