Total: 2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-10934 | 1 Acyba | 1 Acymailing | 2023-02-03 | 6.5 MEDIUM | 7.2 HIGH | Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. |
CVE-2020-36388 | 1 Civicrm | 1 Civicrm | 2023-02-03 | 6.5 MEDIUM | 8.8 HIGH | In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. |
CVE-2018-3832 | 1 Insteon | 2 Hub 2245-222, Hub 2245-222 Firmware | 2023-02-03 | 8.5 HIGH | 9.0 CRITICAL | An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'. |
CVE-2023-22726 | 1 Act Project | 1 Act | 2023-02-03 | N/A | 8.8 HIGH | act is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may lead to privilege escalation. The /upload endpoint is vulnerable to path traversal as filepath is user controlled, and ultimately flows into os.Mkdir and os.Open. The /artifact endpoint is vulnerable to path traversal as the path is variable is user controlled, and the specified file is ultimately returned by the server. This has been addressed in version 0.2.40. Users are advised to upgrade. Users unable to upgrade may, during implementation of Open and OpenAtEnd for FS, ensure to use ValidPath() to check against path traversal or clean the user-provided paths manually. |
CVE-2022-40037 | 1 Javaweb Blog Project | 1 Javaweb Blog | 2023-02-02 | N/A | 9.8 CRITICAL | An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile. |
CVE-2021-26642 | 2 Microsoft, Xpressengine | 2 Windows, Xpressengine | 2023-02-02 | N/A | 9.8 CRITICAL | When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running. |
CVE-2022-40035 | 1 Blog-ssm Project | 1 Blog-ssm | 2023-02-01 | N/A | 8.8 HIGH | File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component. |
CVE-2022-3478 | 1 Gitlab | 1 Gitlab | 2023-02-01 | N/A | 4.3 MEDIUM | An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package. |
CVE-2022-47042 | 1 Mingsoft | 1 Mcms | 2023-02-01 | N/A | 8.8 HIGH | MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do. |
CVE-2021-3120 | 1 Yithemes | 1 Yith Woocommerce Gift Cards | 2023-02-01 | 10.0 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images. |
CVE-2022-40797 | 1 Roxyfileman | 1 Roxy Fileman | 2023-01-31 | N/A | 9.8 CRITICAL | Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.) |
CVE-2018-3758 | 1 Express-cart Project | 1 Express-cart | 2023-01-30 | 9.0 HIGH | 8.8 HIGH | Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. |
CVE-2015-3884 | 1 Qdpm | 1 Qdpm | 2023-01-27 | 6.5 MEDIUM | 8.8 HIGH | Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. |
CVE-2022-47766 | 1 Popojicms | 1 Popojicms | 2023-01-25 | N/A | 8.8 HIGH | PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability. |
CVE-2023-22851 | 1 Tiki | 1 Tiki | 2023-01-25 | N/A | 7.2 HIGH | Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call. |
CVE-2019-13359 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 8.5 HIGH | 7.5 HIGH | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. |
CVE-2022-42287 | 1 Nvidia | 2 Bmc, Dgx A100 | 2023-01-24 | N/A | 7.8 HIGH | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering. |
CVE-2020-15645 | 1 Marvell | 1 Qconvergeconsole | 2023-01-24 | 9.0 HIGH | 8.8 HIGH | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10553. |
CVE-2022-0863 | 1 Wp Svg Icons Project | 1 Wp Svg Icons | 2023-01-19 | 6.5 MEDIUM | 7.2 HIGH | The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution. |
CVE-2022-46610 | 1 72crm | 1 Wukong Crm | 2023-01-14 | N/A | 8.8 HIGH | 72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |