14 matches found
CVE-2025-63748
QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...
CVE-2025-63748
QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...
PT-2025-47158
Name of the Vulnerable Software and Affected Versions: QaTraq version 6.9.2 Description: Authenticated users can upload arbitrary files through the "Add Attachment" feature within the "Test Script" module. The application does not restrict file types, allowing the upload of executable PHP files...
CVE-2025-63748
QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...
CVE-2024-9756
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2023-7181
A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Affected by this issue is some unknown functionality of the component Add Attachment Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to t...
CVE-2023-7181 Muyun DedeBIZ Add Attachment unrestricted upload
A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Affected by this issue is some unknown functionality of the component Add Attachment Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to t...
CVE-2023-7181 Muyun DedeBIZ Add Attachment unrestricted upload
A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Affected by this issue is some unknown functionality of the component Add Attachment Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to t...
PT-2023-32927 · Unknown · Muyun Dedebiz
Name of the Vulnerable Software and Affected Versions: Muyun DedeBIZ versions up to 6.2.12 Description: A critical issue was found in the component Add Attachment Handler, allowing for unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public. The vend...
DedeBIZ Code Issue Vulnerability
DedeBIZ is a content management system from the Chinese company Muyun Intelligent Technology DedeBIZ. A code issue vulnerability exists in Muyun DedeBIZ versions prior to 6.2.12, which stems from the component Add Attachment Handler that causes unrestricted uploads...
CVE-2023-42335
Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component...
CVE-2023-42335
Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component...
Fl3xx Dispatch Code Issue Vulnerability
Fl3xx Dispatch is a schedule scheduling checklist from Fl3xx, Inc. A security vulnerability exists in Fl3xx Dispatch version 2.10.37, fl3xx Crew version 2.10.37. A remote attacker could exploit this vulnerability to execute arbitrary code via the Add Attachment feature in the New Expense componen...
DEBIAN-CVE-2020-36326
PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...