Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-706
Total 46 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29445 1 Wow-estore 1 Popup Box 2022-05-26 6.5 MEDIUM 7.2 HIGH
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress.
CVE-2018-12020 4 Canonical, Debian, Gnupg and 1 more 9 Ubuntu Linux, Debian Linux, Gnupg and 6 more 2022-04-18 5.0 MEDIUM 7.5 HIGH
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
CVE-2022-0855 1 Microweber 1 Whmcs 2022-03-14 5.8 MEDIUM 6.1 MEDIUM
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4.
CVE-2019-19493 1 Kentico 1 Kentico 2022-02-19 3.5 LOW 5.4 MEDIUM
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.
CVE-2021-37144 1 Cszcms 1 Csz Cms 2021-08-09 6.4 MEDIUM 9.1 CRITICAL
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.
CVE-2019-7731 1 Mywebsql 1 Mywebsql 2021-07-21 7.5 HIGH 9.8 CRITICAL
MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file.
CVE-2019-12837 1 Gencat 1 Portal D\'acces A La Universitat 2021-07-21 4.0 MEDIUM 4.3 MEDIUM
The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints.
CVE-2019-17575 1 Wbce 1 Wbce Cms 2021-07-21 6.5 MEDIUM 7.2 HIGH
A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: place PHP code in a .jpg file, and then change the file's base name to filename.ph and change the file's extension to p. Because of concatenation, the name is then treated as filename.php.) At the result, remote attackers can execute arbitrary PHP code.
CVE-2019-6289 1 Dedecms 1 Dedecms 2021-07-21 6.5 MEDIUM 8.8 HIGH
uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.
CVE-2019-8908 1 Wtcms Project 1 Wtcms 2021-07-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header.
CVE-2020-13311 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 4.3 MEDIUM
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface.
CVE-2020-23448 1 Newbee-mall Project 1 Newbee-mall 2021-07-21 7.5 HIGH 9.8 CRITICAL
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.
CVE-2020-35623 1 Mediawiki 1 Mediawiki 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a "bureaucrat user" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space.
CVE-2021-32054 1 Fire.ly 1 Spark 2021-05-27 4.3 MEDIUM 6.1 MEDIUM
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser.
CVE-2020-4719 1 Ibm 1 Cloud Application Performance Management 2021-03-09 4.0 MEDIUM 4.9 MEDIUM
The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861.
CVE-2020-26233 1 Microsoft 1 Git Credential Manager Core 2021-02-18 3.6 LOW 7.3 HIGH
Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project's GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option.
CVE-2020-35894 1 Obstack Project 1 Obstack 2021-01-07 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur.
CVE-2018-0237 1 Cisco 1 Advanced Malware Protection For Endpoints 2020-09-04 5.0 MEDIUM 5.8 MEDIUM
A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034.
CVE-2019-9616 1 Ofcms Project 1 Ofcms 2020-08-24 6.5 MEDIUM 7.2 HIGH
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI.
CVE-2019-9901 1 Envoyproxy 1 Envoy 2020-08-24 7.5 HIGH 10.0 CRITICAL
Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.