Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-434
Total 1580 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-36388 1 Civicrm 1 Civicrm 2023-02-03 6.5 MEDIUM 8.8 HIGH
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
CVE-2018-3832 1 Insteon 2 Hub 2245-222, Hub 2245-222 Firmware 2023-02-03 8.5 HIGH 9.0 CRITICAL
An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'.
CVE-2023-23607 1 Dasherr Project 1 Dasherr 2023-02-03 N/A 9.8 CRITICAL
erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-40037 1 Javaweb Blog Project 1 Javaweb Blog 2023-02-02 N/A 9.8 CRITICAL
An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.
CVE-2021-26642 2 Microsoft, Xpressengine 2 Windows, Xpressengine 2023-02-02 N/A 9.8 CRITICAL
When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.
CVE-2022-47615 1 Thimpress 1 Learnpress 2023-02-02 N/A 9.8 CRITICAL
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
CVE-2022-40035 1 Blog-ssm Project 1 Blog-ssm 2023-02-01 N/A 8.8 HIGH
File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component.
CVE-2022-3478 1 Gitlab 1 Gitlab 2023-02-01 N/A 4.3 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.
CVE-2022-47042 1 Mingsoft 1 Mcms 2023-02-01 N/A 8.8 HIGH
MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do.
CVE-2022-45476 1 Tiny File Manager Project 1 Tiny File Manager 2023-02-01 N/A 9.8 CRITICAL
Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload.
CVE-2023-20040 1 Cisco 1 Network Services Orchestrator 2023-01-31 N/A 5.5 MEDIUM
A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group. This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used.
CVE-2021-3120 1 Yithemes 1 Yith Woocommerce Gift Cards 2023-01-31 10.0 HIGH 9.8 CRITICAL
An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images.
CVE-2022-0316 8 Aidreform Project, Chimpgroup, Club-theme Project and 5 more 10 Aidreform, Bolster, Spikes and 7 more 2023-01-31 N/A 9.8 CRITICAL
The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.
CVE-2022-40797 1 Roxyfileman 1 Roxy Fileman 2023-01-31 N/A 9.8 CRITICAL
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)
CVE-2018-3758 1 Express-cart Project 1 Express-cart 2023-01-30 9.0 HIGH 8.8 HIGH
Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.
CVE-2015-3884 1 Qdpm 1 Qdpm 2023-01-27 6.5 MEDIUM 8.8 HIGH
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/.
CVE-2022-47766 1 Popojicms 1 Popojicms 2023-01-25 N/A 8.8 HIGH
PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability.
CVE-2023-22851 1 Tiki 1 Tiki 2023-01-25 N/A 7.2 HIGH
Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.
CVE-2022-46660 1 Ge 1 Proficy Historian 2023-01-25 N/A 6.5 MEDIUM
An unauthorized user could alter or write files with full control over the path and content of the file.
CVE-2019-13359 1 Control-webpanel 1 Webpanel 2023-01-24 8.5 HIGH 7.5 HIGH
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.