Total
2367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1411 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover. | |||||
| CVE-2022-28568 | 1 Simple Doctor\'s Appointment System Project | 1 Simple Doctor\'s Appointment System | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored. | |||||
| CVE-2022-29451 | 1 Rarathemes | 1 Rara One Click Demo Import | 2022-05-11 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. | |||||
| CVE-2022-29001 | 1 Springbootmovie Project | 1 Springbootmovie | 2022-05-10 | 6.5 MEDIUM | 7.2 HIGH |
| In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability | |||||
| CVE-2022-1273 | 1 Importwp | 1 Import Wp | 2022-05-10 | 6.5 MEDIUM | 7.2 HIGH |
| The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE | |||||
| CVE-2021-43934 | 1 Smartptt | 1 Smartptt Scada | 2022-05-09 | 7.5 HIGH | 9.8 CRITICAL |
| Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files. | |||||
| CVE-2021-26628 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2022-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files. | |||||
| CVE-2022-27468 | 1 Monstaftp | 1 Monsta Ftp | 2022-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. | |||||
| CVE-2022-28528 | 1 Bloofox | 1 Bloofoxcms | 2022-05-05 | 6.5 MEDIUM | 8.8 HIGH |
| bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. | |||||
| CVE-2022-28053 | 1 Typemill | 1 Typemill | 2022-05-05 | 6.5 MEDIUM | 8.8 HIGH |
| Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-22392 | 1 Ibm | 1 Planning Analytics Workspace | 2022-05-05 | 6.8 MEDIUM | 7.8 HIGH |
| IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066. | |||||
| CVE-2022-28525 | 1 Ed01-cms Project | 1 Ed01-cms | 2022-05-04 | 6.5 MEDIUM | 8.8 HIGH |
| ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. | |||||
| CVE-2021-39040 | 1 Ibm | 1 Planning Analytics Workspace | 2022-05-03 | 6.0 MEDIUM | 8.0 HIGH |
| IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025. | |||||
| CVE-2021-4225 | 2 Microsoft, Smartypantsplugins | 2 Windows, Sp Project \& Document Manager | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites. | |||||
| CVE-2019-15813 | 1 Sentrifugo | 1 Sentrifugo | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. | |||||
| CVE-2022-28440 | 1 Ucms Project | 1 Ucms | 2022-05-02 | 6.5 MEDIUM | 8.8 HIGH |
| An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2019-10869 | 1 Ninjaforms | 1 Ninja Forms File Uploads | 2022-05-02 | 6.8 MEDIUM | 8.1 HIGH |
| Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters. | |||||
| CVE-2022-24262 | 1 Voipmonitor | 1 Voipmonitor | 2022-04-30 | 6.5 MEDIUM | 8.8 HIGH |
| The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. | |||||
| CVE-2021-30118 | 1 Kaseya | 1 Vsa | 2022-04-29 | 10.0 HIGH | 9.8 CRITICAL |
| An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leading to RCE. An attacker can upload files with the privilege of the Web Server process and subsequently use these files to execute asp commands. Detailed description --- Given the following request: ``` POST /SystemTab/uploader.aspx?Filename=shellz.aspx&PathData=C%3A%5CKaseya%5CWebPages%5C&__RequestValidationToken=ac1906a5-d511-47e3-8500-47cc4b0ec219&qqfile=shellz.aspx HTTP/1.1 Host: 192.168.1.194 Cookie: sessionId=92812726; %5F%5FRequestValidationToken=ac1906a5%2Dd511%2D47e3%2D8500%2D47cc4b0ec219 Content-Length: 12 <%@ Page Language="C#" Debug="true" validateRequest="false" %> <%@ Import namespace="System.Web.UI.WebControls" %> <%@ Import namespace="System.Diagnostics" %> <%@ Import namespace="System.IO" %> <%@ Import namespace="System" %> <%@ Import namespace="System.Data" %> <%@ Import namespace="System.Data.SqlClient" %> <%@ Import namespace="System.Security.AccessControl" %> <%@ Import namespace="System.Security.Principal" %> <%@ Import namespace="System.Collections.Generic" %> <%@ Import namespace="System.Collections" %> <script runat="server"> private const string password = "pass"; // The password ( pass ) private const string style = "dark"; // The style ( light / dark ) protected void Page_Load(object sender, EventArgs e) { //this.Remote(password); this.Login(password); this.Style(); this.ServerInfo(); <snip> ``` The attacker can control the name of the file written via the qqfile parameter and the location of the file written via the PathData parameter. Even though the call requires that a sessionId cookie is passed we have determined that the sessionId is not actually validated and any numeric value is accepted as valid. Security issues discovered --- * a sessionId cookie is required by /SystemTab/uploader.aspx, but is not actually validated, allowing an attacker to bypass authentication * /SystemTab/uploader.aspx allows an attacker to create a file with arbitrary content in any place the webserver has write access * The web server process has write access to the webroot where the attacker can execute it by requesting the URL of the newly created file. Impact --- This arbitrary file upload allows an attacker to place files of his own choosing on any location on the hard drive of the server the webserver process has access to, including (but not limited to) the webroot. If the attacker uploads files with code to the webroot (e.g. aspx code) he can then execute this code in the context of the webserver to breach either the integrity, confidentiality, or availability of the system or to steal credentials of other users. In other words, this can lead to a full system compromise. | |||||
| CVE-2021-36356 | 1 Kramerav | 1 Viaware | 2022-04-29 | 10.0 HIGH | 9.8 CRITICAL |
| KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124. | |||||