Total
2367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34128 | 1 Glpi-project | 1 Positions | 2023-04-25 | N/A | 9.8 CRITICAL |
| The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php. | |||||
| CVE-2023-2034 | 1 Froxlor | 1 Froxlor | 2023-04-21 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14. | |||||
| CVE-2023-26852 | 1 Textpattern | 1 Textpattern | 2023-04-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | |||||
| CVE-2020-19802 | 1 Doyocms Project | 1 Doyocms | 2023-04-20 | N/A | 9.8 CRITICAL |
| File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter. | |||||
| CVE-2023-29621 | 1 Purchase Order Management Project | 1 Purchase Order Management | 2023-04-20 | N/A | 8.8 HIGH |
| Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. | |||||
| CVE-2023-29625 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2023-04-20 | N/A | 8.8 HIGH |
| Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. | |||||
| CVE-2023-29627 | 1 Online Pizza Ordering Project | 1 Online Pizza Ordering | 2023-04-20 | N/A | 8.8 HIGH |
| Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. | |||||
| CVE-2021-35532 | 1 Hitachienergy | 2 Txpert Hub Coretec 4, Txpert Hub Coretec 4 Firmware | 2023-04-19 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. | |||||
| CVE-2023-27602 | 1 Apache | 1 Linkis | 2023-04-19 | N/A | 9.8 CRITICAL |
| In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties `wds.linkis.workspace.filesystem.owner.check=true` `wds.linkis.workspace.filesystem.path.check=true` | |||||
| CVE-2023-27179 | 1 Gdidees | 1 Gdidees Cms | 2023-04-17 | N/A | 7.5 HIGH |
| GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php. | |||||
| CVE-2023-1728 | 1 Fernus | 1 Learning Management Systems | 2023-04-17 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.This issue affects LMS: before 23.04.03. | |||||
| CVE-2023-29375 | 1 Progress | 1 Sitefinity | 2023-04-14 | N/A | 9.8 CRITICAL |
| An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector. | |||||
| CVE-2023-27178 | 1 Gdidees | 1 Gdidees Cms | 2023-04-14 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2023-27033 | 1 Cdesigner Project | 1 Cdesigner | 2023-04-13 | N/A | 9.8 CRITICAL |
| Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). | |||||
| CVE-2023-24720 | 1 Readium | 1 Readium-js | 2023-04-12 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file. | |||||
| CVE-2023-0670 | 1 Ulearn Project | 1 Ulearn | 2023-04-12 | N/A | 7.2 HIGH |
| Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image. | |||||
| CVE-2023-24530 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2023-04-11 | N/A | 9.1 CRITICAL |
| SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2023-23851 | 1 Sap | 1 Business Planning And Consolidation | 2023-04-11 | N/A | 5.4 MEDIUM |
| SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system. | |||||
| CVE-2023-0265 | 1 Uvdesk | 1 Community-skeleton | 2023-04-11 | N/A | 8.8 HIGH |
| Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers. | |||||
| CVE-2023-26857 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2023-04-11 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||