3 matches found
CVE-2025-56399
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution RCE through a crafted file upload. A file with a '.png extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side...
PT-2024-29450 · Unknown +1 · Productinfoquick +1
Name of the Vulnerable Software and Affected Versions: productinfoquick version 1.0 Description: The issue allows attackers to execute arbitrary code by uploading a crafted PNG file, exploiting an arbitrary file upload vulnerability in the Ueditor component. Recommendations: For version 1.0, upda...
CVE-2023-37602
An arbitrary file upload vulnerability in the component /workplace!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...