Total
1580 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41217 | 1 Hybridsoftware | 1 Cloudflow | 2023-03-02 | N/A | 9.8 CRITICAL |
Cloudflow contains a unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage. | |||||
CVE-2022-2111 | 1 Inventree Project | 1 Inventree | 2023-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2. | |||||
CVE-2021-35261 | 1 Bearadmin Project | 1 Bearadmin | 2023-02-28 | N/A | 9.8 CRITICAL |
File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint. | |||||
CVE-2019-12803 | 1 Hunesion | 1 I-onenet | 2023-02-28 | 10.0 HIGH | 9.8 CRITICAL |
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as running a system command. | |||||
CVE-2023-0943 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-02-27 | N/A | 8.8 HIGH |
A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects some unknown processing of the file index.php?page=site_settings of the component Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591. | |||||
CVE-2023-0918 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2023-02-27 | N/A | 9.8 CRITICAL |
A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file add.php of the component Avatar Image Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221494 is the identifier assigned to this vulnerability. | |||||
CVE-2016-10954 | 1 Dynamicpress | 1 Neosense | 2023-02-23 | 7.5 HIGH | 9.8 CRITICAL |
The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. | |||||
CVE-2023-22937 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-02-23 | N/A | 4.3 MEDIUM |
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. For more information on lookup table files, see [About lookups](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Aboutlookupsandfieldactions). | |||||
CVE-2023-24646 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-02-23 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2023-0783 | 1 Shopex | 1 Ecshop | 2023-02-21 | N/A | 9.8 CRITICAL |
A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220641 was assigned to this vulnerability. | |||||
CVE-2023-24530 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2023-02-21 | N/A | 9.1 CRITICAL |
SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application. | |||||
CVE-2023-23851 | 1 Sap | 1 Business Planning And Consolidation | 2023-02-21 | N/A | 5.4 MEDIUM |
SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system. | |||||
CVE-2022-45527 | 1 Institutional Management Website Project | 1 Institutional Management Website | 2023-02-18 | N/A | 9.8 CRITICAL |
File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory. | |||||
CVE-2023-0255 | 1 Shortpixel | 1 Enable Media Replace | 2023-02-15 | N/A | 8.8 HIGH |
The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. | |||||
CVE-2023-23937 | 1 Pimcore | 1 Pimcore | 2023-02-13 | N/A | 5.4 MEDIUM |
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (p.e. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16. | |||||
CVE-2012-1592 | 1 Apache | 1 Struts | 2023-02-12 | 6.5 MEDIUM | 8.8 HIGH |
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. | |||||
CVE-2021-34427 | 1 Eclipse | 1 Business Intelligence And Reporting Tools | 2023-02-11 | 7.5 HIGH | 9.8 CRITICAL |
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance. | |||||
CVE-2020-28871 | 1 Monitorr Project | 1 Monitorr | 2023-02-10 | 7.5 HIGH | 9.8 CRITICAL |
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | |||||
CVE-2021-36426 | 1 Phpwcms | 1 Phpwcms | 2023-02-09 | N/A | 8.8 HIGH |
File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php. | |||||
CVE-2023-24202 | 1 Raffle Draw System Project | 1 Raffle Draw System | 2023-02-09 | N/A | 9.8 CRITICAL |
Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. |