Total
2367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1008 | 1 Ocdi | 1 One Click Demo Import | 2022-04-15 | 6.5 MEDIUM | 7.2 HIGH |
| The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed | |||||
| CVE-2022-1045 | 1 Trudesk Project | 1 Trudesk | 2022-04-15 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. | |||||
| CVE-2022-27477 | 1 Newbee-mall Project | 1 Newbee-mall | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. | |||||
| CVE-2022-27131 | 1 Zbzcms | 1 Zbzcms | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-27129 | 1 Zbzcms | 1 Zbzcms | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2021-46367 | 1 Ritecms | 1 Ritecms | 2022-04-14 | 9.0 HIGH | 7.2 HIGH |
| RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default. | |||||
| CVE-2022-27352 | 1 Simple House Rental System Project | 1 Simple House Rental System | 2022-04-14 | 6.5 MEDIUM | 8.8 HIGH |
| Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-27357 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-27064 | 1 Musical World Project | 1 Musical World | 2022-04-14 | 6.5 MEDIUM | 8.8 HIGH |
| Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-27346 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2022-04-14 | 6.5 MEDIUM | 8.8 HIGH |
| Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-27349 | 1 Socialcodia | 1 Social Codia Sms | 2022-04-14 | 6.5 MEDIUM | 7.2 HIGH |
| Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-27061 | 1 Aerocms Project | 1 Aerocms | 2022-04-13 | 6.5 MEDIUM | 7.2 HIGH |
| AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-26627 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2022-04-13 | 6.8 MEDIUM | 8.8 HIGH |
| Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file. | |||||
| CVE-2021-43421 | 1 Std42 | 1 Elfinder | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code. | |||||
| CVE-2022-26607 | 1 Baigo | 1 Baigo Cms | 2022-04-13 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2022-26605 | 1 Dascomsoft | 1 Eziosuite | 2022-04-13 | 6.5 MEDIUM | 8.8 HIGH |
| eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality. | |||||
| CVE-2021-43936 | 1 Webhmi | 2 Webhmi, Webhmi Firmware | 2022-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution. | |||||
| CVE-2022-0440 | 1 Catchplugins | 1 Catch Themes Demo Import | 2022-04-12 | 6.5 MEDIUM | 7.2 HIGH |
| The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true) | |||||
| CVE-2022-26619 | 1 Halo | 1 Halo | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. | |||||
| CVE-2020-28062 | 1 Hisiphp | 1 Hisiphp | 2022-04-12 | 6.5 MEDIUM | 7.2 HIGH |
| An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. '/ Upload/Plugins /, which could let a remote malicious user execute arbitrary code. | |||||