Total: 2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-39384 | 1 Diaowen | 1 Dwsurvey | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL | DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. |
CVE-2022-23880 | 1 Taogogo | 1 Taocms | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. |
CVE-2022-1034 | 1 Showdoc | 1 Showdoc | 2022-03-28 | 6.5 MEDIUM | 7.2 HIGH | There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. |
CVE-2022-1033 | 1 Craterapp | 1 Crater | 2022-03-28 | 6.5 MEDIUM | 7.8 HIGH | Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. |
CVE-2020-26008 | 1 Shopxo | 1 Shopxo | 2022-03-28 | 6.8 MEDIUM | 7.8 HIGH | The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file. |
CVE-2020-26007 | 1 Shopxo | 1 Shopxo | 2022-03-28 | 6.8 MEDIUM | 7.8 HIGH | An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
CVE-2022-25581 | 1 Classcms | 1 Classcms | 2022-03-28 | 6.8 MEDIUM | 7.8 HIGH | Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file. |
CVE-2019-18288 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-25 | 6.5 MEDIUM | 8.8 HIGH | A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. |
CVE-2022-25602 | 1 Expresstech | 1 Responsive Menu | 2022-03-25 | 6.5 MEDIUM | 8.8 HIGH | Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). |
CVE-2022-0415 | 1 Gogs | 1 Gogs | 2022-03-25 | 6.5 MEDIUM | 8.8 HIGH | Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. |
CVE-2022-26965 | 1 Pluck-cms | 1 Pluck | 2022-03-25 | 6.5 MEDIUM | 7.2 HIGH | In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. |
CVE-2021-45834 | 1 Opendocman | 1 Opendocman | 2022-03-25 | 7.5 HIGH | 9.8 CRITICAL | An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution. |
CVE-2021-45835 | 1 Online Admission System Project | 1 Online Admissions System | 2022-03-25 | 7.5 HIGH | 9.8 CRITICAL | The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution. |
CVE-2021-45040 | 1 Spatie | 1 Laravel Media Library | 2022-03-24 | 10.0 HIGH | 9.8 CRITICAL | The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route. |
CVE-2022-25495 | 1 Cuppacms | 1 Cuppacms | 2022-03-23 | 7.5 HIGH | 9.8 CRITICAL | The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. |
CVE-2022-24749 | 1 Sylius | 1 Sylius | 2022-03-22 | 4.3 MEDIUM | 6.1 MEDIUM | Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform an XSS attack, the file itself has to be open in a new card or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. As a workaround, require a library that adds on-upload file sanitization and overwrite the service before writing the file to the filesystem. The GitHub Security Advisory contains more specific information about the workaround. |
CVE-2022-0962 | 1 Showdoc | 1 Showdoc | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM | Stored XSS via .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. |
CVE-2022-0951 | 1 Showdoc | 1 Showdoc | 2022-03-21 | 4.3 MEDIUM | 6.1 MEDIUM | File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. |
CVE-2022-0945 | 1 Showdoc | 1 Showdoc | 2022-03-21 | 3.5 LOW | 5.4 MEDIUM | Stored XSS via axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. |
CVE-2022-0960 | 1 Showdoc | 1 Showdoc | 2022-03-21 | 3.5 LOW | 5.4 MEDIUM | Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. |