Total
2367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24239 | 1 Aceware | 1 Aceweb Online Portal | 2022-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. | |||||
| CVE-2022-30506 | 1 Mingsoft | 1 Mcms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | |||||
| CVE-2022-30819 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file. | |||||
| CVE-2022-30820 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file. | |||||
| CVE-2022-30821 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file. | |||||
| CVE-2022-30822 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file. | |||||
| CVE-2022-30808 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. | |||||
| CVE-2022-29725 | 1 Creatiwity | 1 Witycms | 2022-06-10 | 6.5 MEDIUM | 8.8 HIGH |
| An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-30423 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. | |||||
| CVE-2021-33615 | 1 Rsa | 1 Archer | 2022-06-09 | 8.5 HIGH | 7.5 HIGH |
| RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. | |||||
| CVE-2022-29637 | 1 Iminho | 1 Mindoc | 2022-06-08 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. | |||||
| CVE-2022-29632 | 1 Roncoo | 1 Roncoo-education | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2022-28062 | 1 Online Car Rental System Project | 1 Online Car Rental System | 2022-06-05 | 6.5 MEDIUM | 8.8 HIGH |
| Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code. | |||||
| CVE-2021-42654 | 1 Sscms | 1 Siteserver Cms | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. | |||||
| CVE-2022-1837 | 1 Home Clean Services Management System Project | 1 Home Clean Services Management System | 2022-06-02 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but demands an authentication. Exploit details have been disclosed to the public. | |||||
| CVE-2022-28104 | 2 Apple, Foxit | 2 Iphone Os, Pdf Editor | 2022-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability. | |||||
| CVE-2022-28927 | 1 Subconverter Project | 1 Subconverter | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters. | |||||
| CVE-2022-1752 | 1 Trudesk Project | 1 Trudesk | 2022-05-26 | 6.0 MEDIUM | 8.0 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
| CVE-2022-30887 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. | |||||
| CVE-2021-41938 | 1 Shopxo | 1 Shopxo | 2022-05-26 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations. | |||||