143 matches found
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
FPDF 安全漏洞
FPDF is a PDF file generation tool developed by Setasign GmbH & Co. KG. Versions of FPDF prior to 1.86 contain security vulnerabilities; these vulnerabilities stem from the AddFont function, which allows arbitrary file uploads, potentially enabling the execution of arbitrary code...
python-multipart path traversal vulnerability
Python-Multipart is a Python-based streaming multipart parser developed by Marcelo Trylesinski. Versions of Python-Multipart prior to 0.0.22 contained a path traversal vulnerability. This vulnerability occurred when non-default configuration options such as UPLOADDIR and UPLOADKEEPFILENAME=True...
WordPress plugin Hustle – Email Marketing, Lead Generation, Optin, Popup: Code issues and vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-0927
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload...
PT-2026-4325
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload...
EUVD-2025-206314
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...
CVE-2012-10064
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...
CVE-2025-14457
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dndcodedropzuploaddelete function in all versions up to, and including, 1.3.9.2. This makes it possible for unauthenticated...
WordPress plugin Uploadify 代码问题漏洞
WordPress Uploadify plugin is a jQuery-based multi-file upload plugin that allows webmasters or users to implement intuitive and customizable file uploading features on web pages. A code issue vulnerability exists in WordPress Uploadify plugin that stems from a lack of file type validation in...
CVE-2025-67706
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files...
EUVD-2025-206101
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files...
CVE-2025-67706
ArcGIS Server (Windows/Linux) 11.5 and earlier exposes a vulnerability where uploaded files are not properly validated, allowing remote unauthenticated arbitrary file uploads to designated directories. The server architecture prevents execution of uploaded files and enforces non-executable storag...
Computer Laboratory System File Upload Vulnerability
Computer Laboratory System is a computer laboratory system. Computer Laboratory System has a file upload vulnerability that originates from a misbehavior of the parameter image in the file technicalstaffpic.php, which can be exploited by an attacker to cause an arbitrary file upload...
Arbitrary File Upload
Overview cadmium-org/cadmium-cms is a Сontent management system for PHP7 Affected versions of this package are vulnerable to Arbitrary File Upload via the admin/content/filemanager/uploads endpoint. An attacker can execute arbitrary code or upload malicious files by submitting crafted files to th...
EUVD-2025-204624
The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers ...
WordPress plugin File Uploader for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
PT-2025-52536
Name of the Vulnerable Software and Affected Versions File Uploader for WooCommerce versions up to and including 1.0.3 Description The File Uploader for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the callback function...
CVE-2025-67728 Fireshare Public Uploads feature is vulnerable to OS Command Injection (RCE)
Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a...
hfly 代码问题漏洞
hfly is a travel website by baowzh individual developer. A code issue vulnerability exists in hfly, which stems from the incorrect manipulation of the parameter imgFile in the file /Public/Kindeditor/php/uploadjson.php, which could lead to arbitrary file uploads...