Total: 2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-12803 | 1 Hunesion | 1 I-onenet | 2023-02-28 | 10.0 HIGH | 9.8 CRITICAL | In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command.
CVE-2016-10954 | 1 Dynamicpress | 1 Neosense | 2023-02-23 | 7.5 HIGH | 9.8 CRITICAL | The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload.
CVE-2023-24646 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-02-23 | N/A | 9.8 CRITICAL | An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-45527 | 1 Institutional Management Website Project | 1 Institutional Management Website | 2023-02-18 | N/A | 9.8 CRITICAL | File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0 allows unauthorized attackers to directly upload malicious files to the courseimg directory.
CVE-2012-1592 | 1 Apache | 1 Struts | 2023-02-13 | 6.5 MEDIUM | 8.8 HIGH | A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
CVE-2021-34427 | 1 Eclipse | 1 Business Intelligence And Reporting Tools | 2023-02-11 | 7.5 HIGH | 9.8 CRITICAL | In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.
CVE-2021-36426 | 1 Phpwcms | 1 Phpwcms | 2023-02-10 | N/A | 8.8 HIGH | File upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via a crafted file upload to include/inc_lib/general.inc.php.
CVE-2020-12077 | 1 Mappresspro | 1 Mappress | 2023-02-09 | 6.5 MEDIUM | 8.8 HIGH | The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution.
CVE-2020-12675 | 1 Mappresspro | 1 Mappress | 2023-02-09 | 6.5 MEDIUM | 8.8 HIGH | The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077.
CVE-2022-0537 | 1 Mappresspro | 1 Mappress | 2023-02-09 | 6.5 MEDIUM | 7.2 HIGH | The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current 's stylesheet directory, and a .php file extension is added. No validation is performed on the content of the file, triggering an RCE vulnerability by uploading a web shell. Further, the name parameter is not sanitized, allowing the payload to be uploaded to any directory to which the server has write access.
CVE-2022-42971 | 2 Microsoft, Schneider-electric | 8 Windows 10, Windows 11, Windows 7 and 5 more | 2023-02-08 | N/A | 9.8 CRITICAL | A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
CVE-2023-24610 | 1 Nosh Chartingsystem Project | 1 Nosh Chartingsystem | 2023-02-08 | N/A | 8.8 HIGH | NOSH 4a5cfdb allows remote authenticated users to execute arbitrary PHP code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting.
CVE-2022-47854 | 1 I-librarian | 1 I-librarian | 2023-02-08 | N/A | 9.8 CRITICAL | i-librarian 4.10 is vulnerable to arbitrary file upload in ajaxsupplement.php.
CVE-2023-23135 | 1 Ftdms Project | 1 Ftdms | 2023-02-08 | N/A | 7.2 HIGH | An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file.
CVE-2022-47769 | 1 Serinf | 1 Fast Checkin | 2023-02-08 | N/A | 9.8 CRITICAL | An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell.
CVE-2022-48006 | 1 Taogogo | 1 Taocms | 2023-02-07 | N/A | 9.8 CRITICAL | An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.
CVE-2022-43979 | 1 Pandorafms | 1 Pandora Fms | 2023-02-06 | N/A | 9.8 CRITICAL | There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characters, but this check is insufficient. An attacker could insert an absolute path to overcome the check, thus being able to include any PHP file that resides on the disk. The exploitation of this vulnerability could lead to a remote code execution.
CVE-2022-48008 | 1 Limesurvey | 1 Limesurvey | 2023-02-04 | N/A | 9.8 CRITICAL | An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2020-10963 | 1 Frozennode | 1 Laravel-administrator | 2023-02-03 | 6.5 MEDIUM | 7.2 HIGH | FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.
CVE-2019-4292 | 1 Ibm | 1 Security Guardium | 2023-02-03 | 6.5 MEDIUM | 8.8 HIGH | IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698.