Total
2367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36547 | 1 Mara Cms Project | 1 Mara Cms | 2021-11-02 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file. | |||||
| CVE-2021-3745 | 1 Flatcore | 1 Flatcore-cms | 2021-11-01 | 6.0 MEDIUM | 6.6 MEDIUM |
| flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type | |||||
| CVE-2020-11476 | 1 Concretecms | 1 Concrete Cms | 2021-11-01 | 9.0 HIGH | 7.2 HIGH |
| Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. | |||||
| CVE-2020-24986 | 1 Concretecms | 1 Concrete Cms | 2021-11-01 | 9.0 HIGH | 7.2 HIGH |
| Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands. | |||||
| CVE-2021-38471 | 1 Auvesy | 1 Versiondog | 2021-10-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files. | |||||
| CVE-2020-36485 | 1 Madeportable | 1 Playable | 2021-10-28 | 4.6 MEDIUM | 7.8 HIGH |
| Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file. | |||||
| CVE-2021-37372 | 1 Online Student Admission System Project | 1 Online Student Admission System | 2021-10-28 | 6.5 MEDIUM | 8.8 HIGH |
| Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution. | |||||
| CVE-2021-37221 | 1 Customer Relationship Management System Project | 1 Customer Relationship Management System | 2021-10-28 | 6.5 MEDIUM | 8.8 HIGH |
| A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file. . | |||||
| CVE-2020-23043 | 1 Air Sender Project | 1 Air Sender | 2021-10-27 | 6.5 MEDIUM | 8.8 HIGH |
| Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2021-39221 | 1 Nextcloud | 1 Contacts | 2021-10-27 | 3.5 LOW | 5.4 MEDIUM |
| Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Contacts application is upgraded to 4.0.3. As a workaround, one may use a browser that has support for Content-Security-Policy. | |||||
| CVE-2021-41745 | 1 Showdoc | 1 Showdoc | 2021-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions. | |||||
| CVE-2021-38484 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 9.0 HIGH | 7.2 HIGH |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution. | |||||
| CVE-2021-3846 | 1 Firefly-iii | 1 Firefly Iii | 2021-10-22 | 6.5 MEDIUM | 8.8 HIGH |
| firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type | |||||
| CVE-2021-42342 | 1 Embedthis | 1 Goahead | 2021-10-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts. | |||||
| CVE-2021-20130 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-19 | 6.5 MEDIUM | 8.8 HIGH |
| ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. | |||||
| CVE-2021-20131 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-19 | 6.5 MEDIUM | 8.8 HIGH |
| ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. | |||||
| CVE-2021-20125 | 1 Draytek | 1 Vigorconnect | 2021-10-19 | 10.0 HIGH | 9.8 CRITICAL |
| An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges. | |||||
| CVE-2021-40189 | 1 Php-fusion | 1 Phpfusion | 2021-10-19 | 6.5 MEDIUM | 7.2 HIGH |
| PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code. | |||||
| CVE-2021-40188 | 1 Php-fusion | 1 Phpfusion | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server. | |||||
| CVE-2017-12678 | 2 Debian, Taglib | 2 Debian Linux, Taglib | 2021-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. | |||||