EUVD-2021-15624
Malware in sbrugna...
PT-2023-26497 · Openrapid · Openrapid Rapidcms
Name of the Vulnerable Software and Affected Versions: OpenRapid RapidCMS versions up to 1.3.1 Description: A critical issue affects the file /admin/upload.php, where the manipulation of the file argument leads to unrestricted upload. The attack can be initiated remotely. The exploit has been...
CVE-2020-23572
CVE-2020-23572 concerns BEESCMS v4.0, where an arbitrary file upload vulnerability in the /admin/upload.php component enables attackers to execute arbitrary code via a crafted image file. Multiple sources (NVD, Red Hat, CNVD, CVE listings) confirm the issue and its impact; CVSSv3.1 base score is ...
GetSimple CMS Remote Code Execution Vulnerability (CNVD-2021-45301)
GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A remote code execution vulnerability exists in admin/upload.php in GetSimple CMS versions prior to 3.3.16. An attacker can exploit this vulnerability to achieve remote code execution via phar files...
GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2021-45142)
GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A cross-site scripting vulnerability exists in admin/upload.php in GetSimple CMS version 3.3.16. The vulnerability can be exploited to conduct cross-site scripting attacks by adding comments to the...
CVE-2021-28976
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files...
CVE-2021-28977
Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,...
CVE-2015-9471
CVE-2015-9471 affects the WordPress plugin dzs-zoomsounds (2.0), where an admin/upload.php arbitrary file upload vulnerability exists. The issue is tied to the dzs-zoomsounds WordPress plugin and results in potential unauthorized file uploads via its admin interface. The initial description state...
CVE-2018-19421
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php...
CVE-2018-19421
CVE-2018-19421 affects GetSimpleCMS 3.3.15. The vulnerability arises in the upload handling: admin/upload-uploadify.php and the validation routine in admin/inc/security_functions.php interact with admin/upload.php, which blocks .html uploads but allows Internet Explorer to render HTML elements co...
Developed by vehement Upload Vulnerability
Exploit for PHP platform in category web applications. Developed by vehement Upload Vulnerability. Author: Emre5807. Homepage: http://www.1923turk.com. Dork: "Developed by www.vehement.in" Developed by...
CVE-2008-1273
CVE-2008-1273 concerns multiple XSS vulnerabilities in imageVue 1.7. The affected functionality is in the upload directory, with vulnerable entry points at popup.php, test/dir2.php, admin/upload.php, and dirxml.php. The underlying issue is that the path parameter is not properly sanitized, enabli...