PT-2025-42751
Name of the Vulnerable Software and Affected Versions: Galaxy Software Services Corporation Vitals ESP Forum Module versions through 1.3 Description: An unrestricted upload of file with dangerous type flaw exists in the upload file function. This allows remote authenticated users to execute arbitra...
PT-2025-16787 · Sourcecodester · Sourcecodester Online Id Generator System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Online ID Generator System version 1.0 Description: The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting an arbitrary file upload vulnerability. This is achieved through the id...
PT-2025-6075 · Unknown · Cool-Admin-Java
Name of the Vulnerable Software and Affected Versions: cool-admin-java version 1.0 Description: An arbitrary file upload vulnerability in the component /comm/upload allows attackers to execute arbitrary code via uploading a crafted file. This issue enables attackers to upload malicious files,...
PT-2025-6008 · Unknown · Taisan Tarzan-Cms
Name of the Vulnerable Software and Affected Versions: taisan tarzan-cms versions up to 1.0.0 Description: This issue affects the function upload of the file "/adminthemes" of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely...
PT-2025-3065 · Flatnotes · Flatnotes
Name of the Vulnerable Software and Affected Versions: Flatnotes versions prior to 5.3.1 Description: The issue is related to a denial of service through the upload image function. There is no information provided about the estimated number of potentially affected devices worldwide or real-world...
PT-2025-2059 · Wander Chu · Springboot-Blog
Name of the Vulnerable Software and Affected Versions: wander-chu SpringBoot-Blog version 1.0 Description: A critical vulnerability has been found in the Admin Attachment Handler component, specifically affecting the upload function of the AttachtController.java file. The manipulation of the file...
PT-2025-2031 · Unknown · Zhenfeng13 My-Blog
Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog version 1.0 Description: A critical vulnerability was found in the upload function of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController.java. The manipulation of the file argument leads to...
PT-2025-2024 · Unknown · Mysiteforme
Name of the Vulnerable Software and Affected Versions: wangl1989 mysiteforme version 1.0 Description: A critical issue has been found in the file upload function of the LocalUploadServiceImpl class, located at src/main/java/com/mysiteform/admin/service/ipl/. The manipulation of the test argument...
PT-2024-35793 · Spip · Spip
Name of the Vulnerable Software and Affected Versions: SPIP version 4.3.3 Description: The issue concerns an authenticated arbitrary file upload vulnerability in the Documents module. This allows attackers to execute arbitrary code by uploading a crafted PDF file. There is no information provided...
PT-2024-33023 · Icecms · Icecms
Name of the Vulnerable Software and Affected Versions: icecms versions 3.4.7 and earlier Description: The issue is related to a File Upload vulnerability. It affects the uploadFile function in FileUtils.java. Recommendations: For versions 3.4.7 and earlier, update to a version later than 3.4.7 to...
PT-2024-16257 · Sourcecodester · Sourcecodester Online Hotel Reservation System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Hotel Reservation System version 1.0 Description: A critical issue has been found in the function upload of the file /guest/update.php, where the manipulation of the image argument leads to unrestricted upload. This issu...
PT-2024-39860 · Codezips · Codezips Tourist Management System
Name of the Vulnerable Software and Affected Versions: Codezips Tourist Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file /admin/create-package.php. The manipulation of the packageimage argument leads to...
PT-2024-38708 · Unknown · Laravel Property Management System
Name of the Vulnerable Software and Affected Versions: Laravel Property Management System version 1.0 Description: A critical issue affects the upload function of the PropertiesController.php file, allowing for unrestricted file upload through the manipulation of the file argument. This can be...
PT-2024-5476 · Totolink · Totolink A3300R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: A critical issue was found in the UploadCustomModule function of the /cgi-bin/cstecgi.cgi file, which can be exploited remotely. The manipulation of the File argument leads to a buff...
PT-2024-21813 · Zohocorp · Manageengine Ddi Central
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine DDI Central versions 4001 and prior Description: The issue allows a user to upload new files to the server folder due to a directory traversal vulnerability. Recommendations: For versions 4001 and prior, consider...
PT-2024-37374 · Bethesda · Bethesda Online Reservation System
Name of the Vulnerable Software and Affected Versions: Bethesda Online Reservation System version 1.0 Description: A critical issue has been found in the Bethesda Online Reservation System, affecting the uploadImage function of the file /admin/mod room/controller.php?action=add. The manipulation ...
PT-2024-26230 · Unknown · Itsourcecode Payroll Management System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Payroll Management System version 1.0 Description: The issue allows an unauthenticated attacker to upload a malicious PHP file via the "save settings" page, which is intended for image uploads. This can lead to the execution of...
PT-2024-37117 · Itsourcecode · Itsourcecode Bakery Online Ordering System
Name of the Vulnerable Software and Affected Versions: itsourcecode Bakery Online Ordering System version 1.0 Description: A critical issue has been found in the itsourcecode Bakery Online Ordering System, affecting an unknown function of the file /admin/modules/product/controller.php?action=add...
PT-2024-35436
Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt versions prior to the fixed version Description: The issue is related to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in the "/upload" endpoint. Specifically, the...
PT-2024-40089 · Silverstripe · Silverstripe-Secureassets +1
Name of the Vulnerable Software and Affected Versions: silverstripe-userforms versions prior to 3.0.0; silverstripe-userforms version 3.0.0 when used with silverstripe-secureassets module Description: The issue allows CMS administrators to create public-facing forms with file upload abilities, whi...