Total
2865 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24720 | 1 Readium | 1 Readium-js | 2025-02-11 | 9.8 Critical |
| An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file. | ||||
| CVE-2023-28731 | 1 Acymailing | 1 Acymailing | 2025-02-11 | 9.8 Critical |
| AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. | ||||
| CVE-2022-47190 | 1 Generex | 2 Cs141, Cs141 Firmware | 2025-02-11 | 10 Critical |
| Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. | ||||
| CVE-2022-47191 | 1 Generex | 2 Cs141, Cs141 Firmware | 2025-02-11 | 4.3 Medium |
| Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. | ||||
| CVE-2023-28833 | 1 Nextcloud | 1 Nextcloud Server | 2025-02-11 | 2.4 Low |
| Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a favicon and to provided a file name which was not restricted and could overwrite files in the appdata directory. Administrators may have access to overwrite these files by other means but this method could be exploited by tricking an admin into uploading a maliciously named file. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should avoid ingesting logo files from untrusted sources. | ||||
| CVE-2020-19802 | 1 Doyocms Project | 1 Doyocms | 2025-02-11 | 9.8 Critical |
| File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter. | ||||
| CVE-2024-5247 | 1 Netgear | 1 Prosafe Network Management System | 2025-02-11 | 8.8 High |
| NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22923. | ||||
| CVE-2023-1728 | 1 Fernus | 1 Learning Management Systems | 2025-02-11 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.This issue affects LMS: before 23.04.03. | ||||
| CVE-2023-1826 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2025-02-11 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability. | ||||
| CVE-2023-27179 | 1 Gdidees | 1 Gdidees Cms | 2025-02-11 | 7.5 High |
| GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php. | ||||
| CVE-2023-27178 | 1 Gdidees | 1 Gdidees Cms | 2025-02-11 | 9.8 Critical |
| An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2024-4809 | 1 Nikhil-bhalerao | 1 Open Source Clinic Management System | 2025-02-11 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file setting.php. The manipulation of the argument logo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263929 was assigned to this vulnerability. | ||||
| CVE-2024-4820 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2025-02-11 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263941 was assigned to this vulnerability. | ||||
| CVE-2024-5518 | 1 Emiloimagtolis | 1 Online Discussion Forum | 2025-02-11 | 6.3 Medium |
| A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266589 was assigned to this vulnerability. | ||||
| CVE-2024-57408 | 2025-02-11 | 7.2 High | ||
| An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-3948 | 1 Library System Project | 1 Library System | 2025-02-10 | 6.3 Medium |
| A vulnerability was found in SourceCodester Home Clean Service System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file \admin\student.add.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261440. | ||||
| CVE-2024-3436 | 1 Fast5 | 1 Prison Management System | 2025-02-10 | 6.3 Medium |
| A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259630 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-29625 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2025-02-10 | 8.8 High |
| Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. | ||||
| CVE-2023-26852 | 1 Textpattern | 1 Textpattern | 2025-02-10 | 7.2 High |
| An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | ||||
| CVE-2024-3437 | 1 Fast5 | 1 Prison Management System | 2025-02-10 | 7.3 High |
| A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259631. | ||||