Total: 1580 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24652 | 1 Sentcms | 1 Sentcms | 2022-03-16 | 7.5 HIGH | 9.8 CRITICAL |
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload. | |||||
CVE-2022-24651 | 1 Sentcms | 1 Sentcms | 2022-03-16 | 7.5 HIGH | 9.8 CRITICAL |
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. | |||||
CVE-2021-43970 | 1 Quicklert | 1 Quicklert | 2022-03-15 | 9.0 HIGH | 8.8 HIGH |
An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of the application's permissions (SYSTEM). | |||||
CVE-2022-25115 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2022-03-14 | 6.8 MEDIUM | 7.8 HIGH |
A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. | |||||
CVE-2021-24960 | 1 Iptanus | 2 Wordpress File Upload, Wordpress File Upload Pro | 2022-03-11 | 3.5 LOW | 5.4 MEDIUM |
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could then be used for Cross-Site Scripting attacks. | |||||
CVE-2021-24216 | 1 Servmask | 1 One-stop Wp Migration | 2022-03-11 | 6.5 MEDIUM | 7.2 HIGH |
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations. | |||||
CVE-2022-25016 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-24254 | 1 Extensis | 1 Portfolio | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH |
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. | |||||
CVE-2022-24253 | 1 Extensis | 1 Portfolio | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH |
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. | |||||
CVE-2022-24252 | 1 Extensis | 1 Portfolio | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH |
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. | |||||
CVE-2022-24251 | 1 Extensis | 1 Portfolio | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH |
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. | |||||
CVE-2022-23906 | 1 Cmsmadesimple | 1 Cms Made Simple | 2022-03-08 | 6.5 MEDIUM | 7.2 HIGH |
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. | |||||
CVE-2022-25411 | 1 Max-3000 | 1 Maxsite Cms | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-26149 | 1 Modx | 1 Revolution | 2022-03-08 | 6.5 MEDIUM | 7.2 HIGH |
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. | |||||
CVE-2019-18313 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-03-04 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2019-18320 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2022-25360 | 1 Watchguard | 1 Fireware | 2022-03-04 | 6.5 MEDIUM | 8.8 HIGH |
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | |||||
CVE-2022-23043 | 1 Tribalsystems | 1 Zenario | 2022-03-03 | 6.5 MEDIUM | 7.2 HIGH |
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server. | |||||
CVE-2021-44967 | 1 Limesurvey | 1 Limesurvey | 2022-03-02 | 9.0 HIGH | 8.8 HIGH |
A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. | |||||
CVE-2022-23375 | 1 Wikidocs | 1 Wikidocs | 2022-03-01 | 6.5 MEDIUM | 8.8 HIGH |
WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php. |