Total: 1580 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-35150 | 1 Baijiacms Project | 1 Baijiacms | 2022-08-23 | N/A | 9.8 CRITICAL |
Baijiacms v4 was discovered to contain an arbitrary file upload vulnerability. | |||||
CVE-2022-2180 | 1 Greyd | 1 Greyd.suite | 2022-08-16 | N/A | 9.8 CRITICAL |
The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or CSRF checks, allowing an unauthenticated attacker to upload arbitrary files including PHP source files, leading to possible remote code execution (RCE). | |||||
CVE-2022-2779 | 1 Gas Agency Management System Project | 1 Gas Agency Management System | 2022-08-16 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Affected by this vulnerability is an unknown functionality of the file /gasmark/assets/myimages/oneWord.php. The manipulation of the argument shell leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206173 was assigned to this vulnerability. | |||||
CVE-2022-2804 | 1 Zoo Management System Project | 1 Zoo Management System | 2022-08-16 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function of the file /pages/apply_vacancy.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206250 is the identifier assigned to this vulnerability. | |||||
CVE-2022-2744 | 1 Gym Management System Project | 1 Gym Management System | 2022-08-15 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality of the file /admin/add_exercises.php of the component Background Management. The manipulation of the argument exer_img leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206012. | |||||
CVE-2022-2749 | 1 Gym Management System Project | 1 Gym Management System | 2022-08-15 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/index.php?view_exercises. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206017 was assigned to this vulnerability. | |||||
CVE-2022-2746 | 1 Simple Online Book Store System Project | 1 Simple Online Book Store System | 2022-08-15 | N/A | 9.8 CRITICAL |
A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin_ add.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-206014 is the identifier assigned to this vulnerability. | |||||
CVE-2022-2736 | 1 Company Website Cms Project | 1 Company Website Cms | 2022-08-15 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Company Website CMS. It has been classified as critical. This affects an unknown part of the file /dashboard/updatelogo.php of the component Background Upload Logo Icon. The manipulation of the argument xfile/ufile leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-205881 was assigned to this vulnerability. | |||||
CVE-2022-2740 | 1 Company Website Cms Project | 1 Company Website Cms | 2022-08-15 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation of the argument ufile leads to unrestricted upload. The attack can be initiated remotely. VDB-205882 is the identifier assigned to this vulnerability. | |||||
CVE-2022-2750 | 1 Company Website Cms Project | 1 Company Website Cms | 2022-08-15 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Affected is an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-206022 is the identifier assigned to this vulnerability. | |||||
CVE-2022-2751 | 1 Company Website Cms Project | 1 Company Website Cms | 2022-08-15 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument ufile leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206024. | |||||
CVE-2022-35426 | 1 Ucms Project | 1 Ucms | 2022-08-12 | N/A | 9.8 CRITICAL |
UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. | |||||
CVE-2022-2046 | 1 Wpwax | 1 Directorist | 2022-08-12 | N/A | 4.9 MEDIUM |
The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations. | |||||
CVE-2022-36264 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2022-08-12 | N/A | 9.1 CRITICAL |
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an unauthenticated remote arbitrary file upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and appending a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file. | |||||
CVE-2022-2356 | 1 Mediajedi | 1 User Private Files | 2022-08-11 | N/A | 8.8 HIGH |
The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. | |||||
CVE-2022-2694 | 1 Company Website Cms Project | 1 Company Website Cms | 2022-08-11 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205817 was assigned to this vulnerability. | |||||
CVE-2022-2678 | 1 Alphaware E-commerce System Project | 1 Alphaware E-commerce System | 2022-08-10 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205666 is the identifier assigned to this vulnerability. | |||||
CVE-2022-2647 | 1 Jeecg | 1 Jeecg Boot | 2022-08-10 | N/A | 9.8 CRITICAL |
A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability. | |||||
CVE-2022-34613 | 1 Mealie Project | 1 Mealie | 2022-08-08 | N/A | 9.8 CRITICAL |
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. | |||||
CVE-2022-34154 | 1 Ideastocode | 1 Enable Svg, Webp & Ico Upload | 2022-08-05 | N/A | 8.8 HIGH |
Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. |