62 matches found
WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. id: CVE-2022-4328 info: name: WooCommerce Checkout Field Manager 18.0 - Arbitrary File Uploa...
RHSA-2023:4328
creationtimestamp | type | source
---|---|---
2025-08-30 05:19:30+00:00 | seen | Telegram/ORjytOUnJ6OdIr9jvK8mYAxcX7ZF6MJ8DscWx1gU9xTGos...
CVE-2025-4328
A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...
CVE-2025-4328
creationtimestamp | type | source
---|---|---
2025-05-06 07:20:29+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/15068
2025-05-06 10:17:51+00:00 | seen | https://t.me/cvedetector/24563...
CVE-2025-4328
CVE-2025-4328 affects the Spring Cloud Base project (component: HTTP Header Handler), specifically the function sendBack in MvcController.java. The vulnerability arises from improper handling of the Referer parameter, enabling an open redirect. Impact is described as remote exploitation with the ...
CVE-2025-4328 fp2952 spring-cloud-base HTTP Header MvcController.java sendBack redirect
A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...
CVE-2023-4328
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows...
CVE-2023-4328
CVE-2023-4328 affects the Broadcom RAID Controller web interface. The vulnerability allows exposure of encryption keys and other sensitive data to any local user on Windows through the web interface, with impact to confidentiality (C:H) and local attack vector. CVSS: Local access, low privileges,...
Oracle Linux 8 : samba (ELSA-2023-4328)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4328 advisory. 4.17.5-3.0.1 - Fix memleak in nsswinbindinitgroupsdyn Orabug: 34727815 - Gluster volumes not accessible via Samba due to missing samba-vfs-glusterfs in OL8...
RHEL 8 : samba (RHSA-2023:4328)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4328 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allo...
WordPress WooCommerce Checkout Field Manager Plugin < 18.0 is vulnerable to Arbitrary File Upload
Software: WooCommerce Checkout Field Manager; Type: Plugin; Vulnerable versions: 18.0; Fixed in: 18.0; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2022-4328; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 8dcb3ac5c4ef; Credits: cydave; Required privilege...
CVE-2022-4328
creationtimestamp | type | source
---|---|---
2023-03-06 16:12:49+00:00 | seen | https://t.me/cibsecurity/59475
2025-01-26 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2025-01-26
2025-01-31 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2025-01-31...
CVE-2022-4328
The CVE-2022-4328 entry concerns the WordPress plugin WooCommerce Checkout Field Manager (before 18.0). The vulnerability arises from failure to validate uploaded files in the cfom_upload_file action, enabling unauthenticated remote arbitrary file uploads (e.g., PHP) to the server. Impact is desc...
CVE-2022-4328 WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...
CVE-2021-4328
creationtimestamp | type | source
---|---|---
2023-03-02 22:34:39+00:00 | seen | https://t.me/cibsecurity/59337...
CVE-2021-4328
CVE-2021-4328 affects 狮子鱼CMS; the SQL injection vulnerability resides in goods_detail (ApiController.class.php) via the goods_id parameter. Exploitation can be performed remotely, and public exploit details have been disclosed. The product does not use versioning, so information about affected/un...
Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023)
Wordfence has curated an industry-leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced...
SUSE CVE-2011-4328
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information...
Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential SQL Injection CVE-2020-4328
Summary: Financial Transaction Manager for Digital Payments (FTM DP) for Multi-Platform has addressed the following vulnerability: SQL Injection on some of the screens. Vulnerability Details: CVEID: CVE-2020-4328 DESCRIPTION: IBM Financial Transaction Manager is vulnerable to SQL injection. A remote...