Total
2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41711 | 1 Uatech | 1 Badaso | 2022-10-28 | N/A | 9.8 CRITICAL |
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | |||||
CVE-2022-34115 | 1 Dataease Project | 1 Dataease | 2022-10-27 | N/A | 9.8 CRITICAL |
DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId. | |||||
CVE-2021-41178 | 1 Nextcloud | 1 Server | 2022-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user-provided files. This could also be leveraged into an XSS/phishing attack: an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated by the fact that Nextcloud employs a strict Content-Security-Policy disallowing execution of arbitrary JavaScript. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading. | |||||
CVE-2021-24252 | 1 Wp-eventmanager | 1 Event Banner | 2022-10-25 | 6.5 MEDIUM | 7.2 HIGH |
The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or other executables, leading to RCE. Due to the lack of a CSRF check, the issue can also be exploited via that vector to achieve the same result, or via an LFI, as authorisation checks are missing (but this would require WP to be loaded). | |||||
CVE-2021-24620 | 1 Simple-e-commerce-shopping-cart Project | 1 Simple-e-commerce-shopping-cart | 2022-10-25 | 6.8 MEDIUM | 8.8 HIGH |
The WordPress Simple Ecommerce Shopping Cart Plugin - Sell products through Paypal plugin through 2.2.5 does not check the uploaded Downloadable Digital product file, allowing any file, such as PHP, to be uploaded by an administrator. Furthermore, as there is no CSRF check in place, attackers could also make a logged-in admin upload a malicious PHP file, which would lead to RCE. | |||||
CVE-2021-24947 | 1 Thinkupthemes | 1 Responsive Vector Maps | 2022-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as a subscriber, to read arbitrary files on the web server. | |||||
CVE-2021-25003 | 1 Wptaskforce | 1 Wpcargo Track & Trace | 2022-10-25 | 7.5 HIGH | 9.8 CRITICAL |
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE. | |||||
CVE-2022-39305 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2022-10-24 | N/A | 9.8 CRITICAL |
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds. | |||||
CVE-2021-24171 | 1 Woocommerce | 1 Upload Files | 2022-10-24 | 7.5 HIGH | 9.8 CRITICAL |
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter. | |||||
CVE-2021-22858 | 1 Changjia Property Management System Project | 1 Changjia Property Management System | 2022-10-24 | 6.5 MEDIUM | 8.8 HIGH |
Attackers can access the CGE account management function without authorization, escalate their privileges, and execute arbitrary commands or files after obtaining user permissions. | |||||
CVE-2022-42189 | 1 Emlog | 1 Emlog | 2022-10-22 | N/A | 7.2 HIGH |
The plugin upload feature of Emlog Pro 1.6.0 suffers from a remote code execution (RCE) vulnerability. | |||||
CVE-2019-7669 | 1 Primasystems | 1 Flexair | 2022-10-21 | 9.0 HIGH | 8.8 HIGH |
Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges. | |||||
CVE-2022-42198 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2022-10-21 | N/A | 8.8 HIGH |
In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. | |||||
CVE-2022-42201 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2022-10-21 | N/A | 7.2 HIGH |
Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload. | |||||
CVE-2021-41290 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2022-10-21 | 10.0 HIGH | 9.8 CRITICAL |
ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device. | |||||
CVE-2022-31366 | 1 Eve-ng | 1 Eve-ng | 2022-10-21 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. | |||||
CVE-2020-27387 | 1 Horizontcms Project | 1 Horizontcms | 2022-10-19 | 6.5 MEDIUM | 8.8 HIGH |
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta. | |||||
CVE-2022-42154 | 1 74cms | 1 74cmsse | 2022-10-19 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-42029 | 1 Chamilo | 1 Chamilo | 2022-10-19 | N/A | 8.8 HIGH |
Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory. | |||||
CVE-2022-41537 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2022-10-19 | N/A | 7.2 HIGH |
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |