Enable SVG, WebP & ICO Upload Security Vulnerabilities

CVE-2024-34716

PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled...

CVE-2024-33006

An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise...

CVE-2024-33006

An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise...

CVE-2024-32731

SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality,...

CVE-2024-32731

SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality,...

CVE-2024-27945

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even....

CVE-2024-27945

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even....

CVE-2024-27944

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote cod...

CVE-2024-27944

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote cod...

CVE-2024-27943

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code...

CVE-2024-27943

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code...

CVE-2024-27939

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system...

CVE-2024-27939

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system...

CVE-2024-34716 PrestaShop vulnerable to XSS via customer contact form in FO, through file upload

PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled...

CVE-2024-34716 PrestaShop vulnerable to XSS via customer contact form in FO, through file upload

PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled...

CVE-2024-4825

A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire...

CVE-2024-4825

A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire...

CVE-2024-4820

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be....

CVE-2024-4820

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be....

CVE-2024-4809

A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file setting.php. The manipulation of the argument logo leads to unrestricted upload. The attack can be launched...

CVE-2024-4809

A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file setting.php. The manipulation of the argument logo leads to unrestricted upload. The attack can be launched...

CVE-2024-4681

A vulnerability, which was classified as critical, was found in Campcodes Legal Case Management System 1.0. Affected is an unknown function of the file /admin/general-setting of the component Setting Handler. The manipulation of the argument favicon/logo leads to unrestricted upload. It is...

CVE-2024-4681

A vulnerability, which was classified as critical, was found in Campcodes Legal Case Management System 1.0. Affected is an unknown function of the file /admin/general-setting of the component Setting Handler. The manipulation of the argument favicon/logo leads to unrestricted upload. It is...

CVE-2024-4560

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers, with to...

CVE-2024-4560

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers, with to...

CVE-2024-4487

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...

CVE-2024-4487

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...

CVE-2024-4397

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level...

CVE-2024-4397

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level...

CVE-2024-34555

Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads.This issue affects Z-Downloads: from n/a through...

CVE-2024-34555

Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads.This issue affects Z-Downloads: from n/a through...

CVE-2024-34440

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through...

CVE-2024-34440

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through...

CVE-2024-34416

Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.This issue affects Pk Favicon Manager: from n/a through...

CVE-2024-34416

Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.This issue affects Pk Favicon Manager: from n/a through...

CVE-2024-34411

Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light.This issue affects canvasio3D Light: from n/a through...

CVE-2024-34411

Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light.This issue affects canvasio3D Light: from n/a through...

CVE-2024-32700

Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.This issue affects Kognetiks Chatbot for WordPress: from n/a through...

CVE-2024-32700

Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.This issue affects Kognetiks Chatbot for WordPress: from n/a through...

CVE-2024-31377

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through...

CVE-2024-31377

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through...

CVE-2024-2299

A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Attackers can exploit this vulnerability by uploading malicious HTML files containing JavaScript code, which...

CVE-2024-2299

A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Attackers can exploit this vulnerability by uploading malicious HTML files containing JavaScript code, which...

Exploit for CVE-2024-27956

WordPress Admin Account Creation and Reverse Shell...

Exploit for CVE-2024-27956

WordPress Admin Account Creation and Reverse Shell...

CVE-2023-50717

NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack....

CVE-2023-50717

NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack....

CVE-2023-47711

IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: ...

CVE-2023-47711

IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: ...

CVE-2024-27945

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even....