Lucene search

K

Enable SVG, WebP & ICO Upload Security Vulnerabilities

nvd
nvd

CVE-2024-34990

In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods HelpdeskHelpdeskModuleFrontController::submitTicket() and HelpdeskHelpdeskModuleFrontController::replyTicket() allow upload of...

0.0004EPSS

2024-06-19 09:15 PM
3
cve
cve

CVE-2024-34990

In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods HelpdeskHelpdeskModuleFrontController::submitTicket() and HelpdeskHelpdeskModuleFrontController::replyTicket() allow upload of...

7.2AI Score

0.0004EPSS

2024-06-19 09:15 PM
22
nvd
nvd

CVE-2024-33836

In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method JmarketplaceproductModuleFrontController::init() and in version 8.X, the method...

0.0004EPSS

2024-06-19 09:15 PM
3
cve
cve

CVE-2024-33836

In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method JmarketplaceproductModuleFrontController::init() and in version 8.X, the method...

6.7AI Score

0.0004EPSS

2024-06-19 09:15 PM
22
cve
cve

CVE-2024-22263

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...

8.8CVSS

8.7AI Score

0.0004EPSS

2024-06-19 03:15 PM
29
nvd
nvd

CVE-2024-22263

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...

8.8CVSS

0.0004EPSS

2024-06-19 03:15 PM
1
cvelist
cvelist

CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...

8.8CVSS

0.0004EPSS

2024-06-19 02:48 PM
5
vulnrichment
vulnrichment

CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...

8.8CVSS

7AI Score

0.0004EPSS

2024-06-19 02:48 PM
veracode
veracode

Arbitrary Code Execution

dolibarr/dolibarr is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper validation of file types in the Upload Template function, allowing attackers to execute arbitrary code via uploading a crafted .SQL...

7.7AI Score

0.0004EPSS

2024-06-19 06:36 AM
1
nvd
nvd

CVE-2024-5853

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with...

9.9CVSS

0.001EPSS

2024-06-19 06:15 AM
6
cve
cve

CVE-2024-6132

The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexels_fsp_images_options_validate' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with...

8.8CVSS

8.9AI Score

0.001EPSS

2024-06-19 06:15 AM
22
nvd
nvd

CVE-2024-6132

The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexels_fsp_images_options_validate' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with...

8.8CVSS

0.001EPSS

2024-06-19 06:15 AM
5
cve
cve

CVE-2024-5853

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with...

9.9CVSS

9.7AI Score

0.001EPSS

2024-06-19 06:15 AM
27
nvd
nvd

CVE-2024-5208

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...

6.5CVSS

0.0004EPSS

2024-06-19 06:15 AM
4
osv
osv

CVE-2024-5208

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-06-19 06:15 AM
cve
cve

CVE-2024-5208

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-19 06:15 AM
24
vulnrichment
vulnrichment

CVE-2024-5208 Uncontrolled Resource Consumption in mintplex-labs/anything-llm

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...

6.5CVSS

7.2AI Score

0.0004EPSS

2024-06-19 06:13 AM
cvelist
cvelist

CVE-2024-5208 Uncontrolled Resource Consumption in mintplex-labs/anything-llm

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...

6.5CVSS

0.0004EPSS

2024-06-19 06:13 AM
5
cvelist
cvelist

CVE-2024-6132 Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload

The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexels_fsp_images_options_validate' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with...

8.8CVSS

0.001EPSS

2024-06-19 05:37 AM
8
cvelist
cvelist

CVE-2024-5853 Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with...

9.9CVSS

0.001EPSS

2024-06-19 05:37 AM
4
vulnrichment
vulnrichment

CVE-2024-6132 Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload

The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexels_fsp_images_options_validate' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with...

8.8CVSS

8AI Score

0.001EPSS

2024-06-19 05:37 AM
cve
cve

CVE-2024-3229

The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated.....

9.8CVSS

9.8AI Score

0.001EPSS

2024-06-19 05:15 AM
27
nvd
nvd

CVE-2024-3229

The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated.....

9.8CVSS

0.001EPSS

2024-06-19 05:15 AM
2
vulnrichment
vulnrichment

CVE-2024-3229 Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload

The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated.....

9.8CVSS

8AI Score

0.001EPSS

2024-06-19 04:31 AM
cvelist
cvelist

CVE-2024-3229 Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload

The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated.....

9.8CVSS

0.001EPSS

2024-06-19 04:31 AM
5
nvd
nvd

CVE-2024-2381

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS

0.001EPSS

2024-06-19 04:15 AM
4
cve
cve

CVE-2024-2381

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS

8.9AI Score

0.001EPSS

2024-06-19 04:15 AM
25
cvelist
cvelist

CVE-2024-2381 AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Authenticated (Subscriber+) Arbitrary File Upload

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS

0.001EPSS

2024-06-19 03:12 AM
4
cvelist
cvelist

CVE-2024-34990

In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods HelpdeskHelpdeskModuleFrontController::submitTicket() and HelpdeskHelpdeskModuleFrontController::replyTicket() allow upload of...

0.0004EPSS

2024-06-19 12:00 AM
cvelist
cvelist

CVE-2024-33836

In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method JmarketplaceproductModuleFrontController::init() and in version 8.X, the method...

0.0004EPSS

2024-06-19 12:00 AM
packetstorm

7.4AI Score

2024-06-19 12:00 AM
83
vulnrichment
vulnrichment

CVE-2024-33836

In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method JmarketplaceproductModuleFrontController::init() and in version 8.X, the method...

7AI Score

0.0004EPSS

2024-06-19 12:00 AM
osv
osv

Dolibarr arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL...

7.7AI Score

0.0004EPSS

2024-06-18 09:30 PM
4
github
github

Dolibarr arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL...

7.7AI Score

0.0004EPSS

2024-06-18 09:30 PM
2
cve
cve

CVE-2024-37821

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL...

8AI Score

0.0004EPSS

2024-06-18 08:15 PM
22
nvd
nvd

CVE-2024-37821

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL...

0.0004EPSS

2024-06-18 08:15 PM
3
thn
thn

Signal Foundation Warns Against EU's Plan to Scan Private Messages for CSAM

A controversial proposal put forth by the European Union to scan users' private messages for detection of child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused...

6.8AI Score

2024-06-18 04:22 PM
20
cve
cve

CVE-2024-6116

A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be...

7.3CVSS

7.2AI Score

0.0004EPSS

2024-06-18 02:15 PM
25
nvd
nvd

CVE-2024-6116

A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be...

7.3CVSS

0.0004EPSS

2024-06-18 02:15 PM
1
vulnrichment
vulnrichment

CVE-2024-6116 itsourcecode Simple Online Hotel Reservation System edit_room.php unrestricted upload

A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be...

7.3CVSS

7.1AI Score

0.0004EPSS

2024-06-18 01:31 PM
3
cvelist
cvelist

CVE-2024-6116 itsourcecode Simple Online Hotel Reservation System edit_room.php unrestricted upload

A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be...

7.3CVSS

0.0004EPSS

2024-06-18 01:31 PM
2
cve
cve

CVE-2024-6115

A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched...

7.3CVSS

7.3AI Score

0.0004EPSS

2024-06-18 01:15 PM
22
nvd
nvd

CVE-2024-6115

A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched...

7.3CVSS

0.0004EPSS

2024-06-18 01:15 PM
1
cve
cve

CVE-2024-6114

A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Affected is an unknown function of the file controller.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack...

7.3CVSS

7.3AI Score

0.0004EPSS

2024-06-18 01:15 PM
21
nvd
nvd

CVE-2024-6114

A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Affected is an unknown function of the file controller.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack...

7.3CVSS

0.0004EPSS

2024-06-18 01:15 PM
1
nuclei
nuclei

Smart S210 Management Platform - Arbitary File Upload

A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted...

9.8CVSS

7.1AI Score

0.027EPSS

2024-06-18 01:05 PM
5
cvelist
cvelist

CVE-2024-6115 itsourcecode Simple Online Hotel Reservation System add_room.php unrestricted upload

A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched...

7.3CVSS

0.0004EPSS

2024-06-18 01:00 PM
1
vulnrichment
vulnrichment

CVE-2024-6115 itsourcecode Simple Online Hotel Reservation System add_room.php unrestricted upload

A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched...

7.3CVSS

7AI Score

0.0004EPSS

2024-06-18 01:00 PM
cvelist
cvelist

CVE-2024-6114 itsourcecode Monbela Tourist Inn Online Reservation System controller.php unrestricted upload

A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Affected is an unknown function of the file controller.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack...

7.3CVSS

0.0004EPSS

2024-06-18 01:00 PM
1
nvd
nvd

CVE-2024-6110

A vulnerability was found in itsourcecode Magbanua Beach Resort Online Reservation System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file controller.php. The manipulation of the argument image leads to unrestricted upload. The attack may...

7.3CVSS

0.0004EPSS

2024-06-18 12:15 PM
1
Total number of security vulnerabilities68757