Total
2866 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30264 | 1 Cltphp | 1 Cltphp | 2025-01-29 | 9.8 Critical |
| CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. | ||||
| CVE-2023-30090 | 1 Sem-cms | 1 Semcms | 2025-01-29 | 9.8 Critical |
| Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2023-30122 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-01-29 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2021-27280 | 1 Mblog Project | 1 Mblog | 2025-01-29 | 7.8 High |
| OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected. | ||||
| CVE-2020-22755 | 1 Mingsoft | 1 Mcms | 2025-01-29 | 8.8 High |
| File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943. | ||||
| CVE-2023-24507 | 1 Agilepoint | 1 Agilepoint Nx | 2025-01-29 | 8.8 High |
| AgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request. | ||||
| CVE-2021-28998 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-01-29 | 7.2 High |
| File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. | ||||
| CVE-2024-55926 | 2025-01-29 | 6.3 Medium | ||
| A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data | ||||
| CVE-2023-28128 | 1 Ivanti | 1 Avalanche | 2025-01-28 | 7.2 High |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. | ||||
| CVE-2023-48777 | 1 Elementor | 1 Website Builder | 2025-01-28 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1. | ||||
| CVE-2025-23213 | 2025-01-28 | 8.7 High | ||
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28. | ||||
| CVE-2023-31689 | 1 Wcms | 1 Wcms | 2025-01-28 | 9.8 Critical |
| In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution. | ||||
| CVE-2023-31903 | 1 Freeguppy | 1 Guppy | 2025-01-27 | 9.8 Critical |
| GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file. | ||||
| CVE-2023-29930 | 1 Genesys | 1 Tftp Server | 2025-01-27 | 8.8 High |
| An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page. | ||||
| CVE-2021-34076 | 1 Phpok | 1 Phpok | 2025-01-27 | 8.8 High |
| File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | ||||
| CVE-2025-0357 | 2025-01-27 | 9.8 Critical | ||
| The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2023-2648 | 1 Weaver | 1 E-office | 2025-01-24 | 6.3 Medium |
| A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-30247 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2025-01-24 | 9.8 Critical |
| File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. | ||||
| CVE-2023-29657 | 1 Extplorer | 1 Extplorer | 2025-01-24 | 8.8 High |
| eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions. | ||||
| CVE-2025-24650 | 2025-01-24 | 9.1 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3. | ||||