Total: 1580 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2011-2933 | 1 Websitebaker | 1 Websitebaker | 2020-01-21 | 6.5 MEDIUM | 7.2 HIGH | An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.
CVE-2020-5509 | 1 Phpgurukul Car Rental Project | 1 Phpgurukul Car Rental | 2020-01-21 | 6.5 MEDIUM | 7.2 HIGH | PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.
CVE-2020-5846 | 1 Ahsay | 1 Cloud Backup Suite | 2020-01-17 | 4.0 MEDIUM | 8.8 HIGH | An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full system access as the configured user (e.g., Administrator) when starting from any authenticated session (e.g., a trial account). This is fixed in the 83/830122/cbs-*-hotfix-task26000 builds.
CVE-2015-4553 | 1 Dedecms | 1 Dedecms | 2020-01-15 | 6.5 MEDIUM | 8.8 HIGH | A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users to obtain a shell (getshell).
CVE-2014-8337 | 1 Helpdezk | 1 Helpdezk | 2020-01-15 | 7.5 HIGH | 9.8 CRITICAL | Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.
CVE-2014-8516 | 1 Cloudfastpath | 1 Netcharts Server | 2020-01-15 | 10.0 HIGH | 9.8 CRITICAL | Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
CVE-2012-2226 | 1 Invisioncommunity | 1 Invision Power Board | 2020-01-14 | 7.5 HIGH | 9.8 CRITICAL | Invision Power Board before 3.3.1 fails to sanitize user-supplied input, which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.
CVE-2014-3448 | 1 Bss Continuity Cms Project | 1 Bss Continuty Cms | 2020-01-14 | 7.5 HIGH | 9.8 CRITICAL | BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload.
CVE-2015-5951 | 1 Thomsonreuters | 1 Fatca | 2020-01-10 | 9.0 HIGH | 9.9 CRITICAL | A file upload issue exists in the specid parameter in Thomson Reuters FATCA before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.
CVE-2020-5514 | 1 Gilacms | 1 Gila Cms | 2020-01-09 | 9.0 HIGH | 9.1 CRITICAL | Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
CVE-2019-20048 | 1 Al-enterprise | 1 Omnivista 8770 | 2020-01-07 | 9.0 HIGH | 7.2 HIGH | An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM.
CVE-2015-5601 | 1 Edx | 1 Edx-platform | 2020-01-07 | 6.5 MEDIUM | 8.8 HIGH | edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.
CVE-2013-4796 | 1 Reviewboard | 1 Reviewboard | 2020-01-07 | 6.5 MEDIUM | 8.8 HIGH | ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to a review request.
CVE-2019-16790 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2020-01-07 | 6.5 MEDIUM | 8.8 HIGH | In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted.
CVE-2019-8293 | 1 Abcprintf | 1 Upload-image-with-ajax | 2020-01-02 | 7.5 HIGH | 9.8 CRITICAL | Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root, allowing code execution.
CVE-2019-19634 | 2 Getk2, Verot Project | 2 K2, Verot | 2019-12-21 | 7.5 HIGH | 9.8 CRITICAL | class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
CVE-2019-19745 | 1 Contao | 1 Contao | 2019-12-18 | 6.5 MEDIUM | 8.8 HIGH | Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.
CVE-2019-19576 | 2 Getk2, Verot Project | 2 K2, Verot | 2019-12-18 | 7.5 HIGH | 9.8 CRITICAL | class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
CVE-2019-11216 | 1 Bmc | 1 Remedy Smart Reporting | 2019-12-13 | 5.5 MEDIUM | 6.5 MEDIUM | BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed.
CVE-2019-15936 | 1 Intesync | 1 Solismed | 2019-12-13 | 7.5 HIGH | 9.8 CRITICAL | Intesync Solismed 3.3sp allows Insecure File Upload.