Total: 1580 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-27261 | 1 Express-fileupload Project | 1 Express-fileupload | 2022-04-19 | 4.3 MEDIUM | 7.5 HIGH | An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files on the web application server. |
CVE-2022-27262 | 1 Sailsjs | 1 Skipper | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. |
CVE-2022-27263 | 1 Strapi | 1 Strapi | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. |
CVE-2022-27140 | 1 Express-fileupload Project | 1 Express-fileupload | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability in the file upload module of Express-Fileupload v1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. |
CVE-2022-24837 | 1 Hedgedoc | 1 Hedgedoc | 2022-04-19 | 5.0 MEDIUM | 5.3 MEDIUM | HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes and affects all upload backends, except Lutim and imgur. This issue is patched in version 1.9.3 by replacing the filename generation with UUIDv4. If you cannot upgrade to HedgeDoc 1.9.3, it is possible to block POST requests to `/uploadimage`, which will disable future uploads. |
CVE-2019-6139 | 1 Forcepoint | 1 User Id | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL | Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on FUID versions 1.2 and below, apply local firewall rules on the FUID server to disable all external access to port TCP/5001. FUID requires this port only for local connections through the loopback interface. |
CVE-2020-10386 | 1 Chadhaajay | 1 Phpkb | 2022-04-18 | 6.5 MEDIUM | 7.2 HIGH | admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve code execution by uploading a .php file into the admin/js/ directory. |
CVE-2021-28428 | 1 Horizontcms Project | 1 Horizontcms | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL | File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, the filter was confirmed to be bypassable by uploading an arbitrary .htaccess file together with *.hello files in order to execute PHP code and gain RCE. |
CVE-2022-26630 | 1 Jellycms | 1 Jellycms | 2022-04-15 | 6.5 MEDIUM | 8.8 HIGH | Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php. |
CVE-2021-43430 | 1 Bigantsoft | 1 Bigant Office Messenger 5 | 2022-04-15 | 6.5 MEDIUM | 8.8 HIGH | An access control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files. |
CVE-2019-19925 | 8 Debian, Netapp, Opensuse and 5 more | 12 Debian Linux, Cloud Backup, Backports Sle and 9 more | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH | zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. |
CVE-2022-27047 | 1 Moguit | 1 Mogu Blog Cms | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL | mogu_blog_cms 5.2 allows the upload of arbitrary files without any restriction. |
CVE-2022-27115 | 2 Microsoft, Std42 | 2 Windows, Elfinder | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL | In Studio-42 elFinder 2.1.60, there is a vulnerability that leads to remote code execution through a file name bypass in the file upload handling. |
CVE-2022-1008 | 1 Ocdi | 1 One Click Demo Import | 2022-04-14 | 6.5 MEDIUM | 7.2 HIGH | The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed. |
CVE-2022-1045 | 1 Trudesk Project | 1 Trudesk | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM | Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. |
CVE-2022-27477 | 1 Newbee-mall Project | 1 Newbee-mall | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL | Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload vulnerability via the Upload function at /admin/goods/edit. |
CVE-2022-27131 | 1 Zbzcms | 1 Zbzcms | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
CVE-2022-27129 | 1 Zbzcms | 1 Zbzcms | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
CVE-2022-27351 | 1 Zoo Management System Project | 1 Zoo Management System | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL | Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
CVE-2021-46367 | 1 Ritecms | 1 Ritecms | 2022-04-14 | 9.0 HIGH | 7.2 HIGH | RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htaccess configuration that by default denies execution of .php files in the media and files directories. |