Total
1580 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14911 | 1 Ukcms | 1 Ukcms | 2018-10-10 | 6.5 MEDIUM | 7.2 HIGH |
| A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by composing a request for a .txt upload and then changing it to a .php upload. The attacker must have admin access to change the upload_file_ext (aka "Allow upload file suffix") setting, and must use "php,php" in this setting to bypass the "php" restriction. | |||||
| CVE-2018-14028 | 1 Wordpress | 1 Wordpress | 2018-10-10 | 6.5 MEDIUM | 7.2 HIGH |
| In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins. | |||||
| CVE-2017-7357 | 1 Atlassian | 1 Hipchat Server | 2018-10-09 | 6.5 MEDIUM | 9.1 CRITICAL |
| Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | |||||
| CVE-2015-7571 | 1 Yeager | 1 Yeager Cms | 2018-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | |||||
| CVE-2018-12940 | 1 Seeddms | 1 Seeddms | 2018-10-01 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system commands to the web root of the application. | |||||
| CVE-2018-14570 | 1 Niushop | 1 B2b2c Multi-business | 2018-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content. This results in arbitrary code execution by requesting that .php file. | |||||
| CVE-2018-14334 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2018-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766. | |||||
| CVE-2018-10577 | 1 Watchguard | 8 Ap100, Ap100 Firmware, Ap102 and 5 more | 2018-09-16 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root. | |||||
| CVE-2018-14441 | 1 Ssh Companywebsite Project | 1 Ssh Companywebsite | 2018-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadAction_fileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type. | |||||
| CVE-2018-13981 | 1 Zeta-producer | 1 Zeta Producer Desktop Cms | 2018-09-12 | 7.5 HIGH | 9.8 CRITICAL |
| The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related to /assets/php/formmailer/SendEmail.php and /assets/php/formmailer/functions.php. | |||||
| CVE-2018-1000619 | 1 Ovidentia | 1 Ovidentia | 2018-09-11 | 6.5 MEDIUM | 8.8 HIGH |
| Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons. | |||||
| CVE-2017-16251 | 1 Mitel | 1 St14.2 | 2018-09-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. | |||||
| CVE-2018-12528 | 1 Intex | 2 N150, N150 Firmware | 2018-09-05 | 7.5 HIGH | 8.1 HIGH |
| An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force reboot the router with it. | |||||
| CVE-2018-11638 | 1 Dialogic | 1 Powermedia Xms | 2018-09-05 | 9.0 HIGH | 7.2 HIGH |
| Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution. | |||||
| CVE-2018-13024 | 1 Metinfo | 1 Metinfo | 2018-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. | |||||
| CVE-2018-0571 | 1 Basercms | 1 Basercms | 2018-08-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. | |||||
| CVE-2018-13021 | 1 Hongcms Project | 1 Hongcms | 2018-08-21 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. | |||||
| CVE-2018-12914 | 1 Publiccms | 1 Publiccms | 2018-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI. | |||||
| CVE-2018-11221 | 1 Artica | 1 Pandora Fms | 2018-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. | |||||
| CVE-2018-12519 | 1 Codenx | 1 Shopnx | 2018-08-13 | 4.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials. | |||||