53 matches found
PT-2024-30592 · Sourcecodester · Sourcecodester Pisay Online E-Learning System
Name of the Vulnerable Software and Affected Versions: SourceCodester Pisay Online E-Learning System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Pisay Online E-Learning System, affecting an unknown functionality of the file /lesson/controller.php. The...
GHSA-V24P-7P4J-QVVF Contao: Cross site scripting in the file manager
Impact Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the backend. Patches Update to Contao 4.13.40 or Contao 5.3.4. Workarounds Disable uploads for untrusted users. References...
Contao: Cross site scripting in the file manager
Impact Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the backend. Patches Update to Contao 4.13.40 or Contao 5.3.4. Workarounds Disable uploads for untrusted users. References...
CVE-2024-28190 Contao core bundle vulnerable to cross site scripting in the file manager
Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files back end and front end, which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 an...
PT-2024-22434 · Twenty · Twenty
Name of the Vulnerable Software and Affected Versions: Twenty version 0.3.0 Description: The CRM platform is vulnerable to stored cross-site scripting via file upload. A crafted svg file can trigger the execution of the javascript code. Recommendations: For version 0.3.0, consider disabling the...
PT-2024-22448 · Sourcecodester · Sourcecodester Simple File Manager
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple File Manager version 1.0 Description: A critical vulnerability was found in the software, affecting unknown code. The manipulation of the photo argument leads to unrestricted upload. The attack can be initiated remotely...
PT-2024-21248 · Openolat · Openolat
Name of the Vulnerable Software and Affected Versions: OpenOlat versions 18.1.5 and lower Description: The issue is a stored Cross-Site Scripting XSS vulnerability. It allows authenticated users to upload files within the Media Center without additional rights. Although file types are limited, an...
PT-2024-2036 · Otrs · Otrs
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.48 OTRS versions 8.0.X through 8.0.37 OTRS versions 2023 through 2023.1.1 Description: The issue is related to an Improper Input Validation vulnerability in the upload functionality for user avatars, which allo...
PT-2024-13967 · Unknown · Online Notice Board System
Name of the Vulnerable Software and Affected Versions: Online Notice Board System version 1.0 Description: The issue is related to an Insecure File Upload vulnerability. This vulnerability is located in the f parameter of the "user/update profile pic.php" page, allowing an authenticated attacker ...
PT-2023-29009 · Unknown · Prison Management System
Name of the Vulnerable Software and Affected Versions: Personal Management System version 1.4.64 Description: The issue allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. Recommendations: For Personal Management System version 1.4.64, conside...
PT-2023-26619 · Boidcms · Boidcms
Name of the Vulnerable Software and Affected Versions: BoidCMS version 2.0.0 Description: A remote attacker can execute arbitrary code by exploiting a file upload vulnerability in BoidCMS. This is achieved by adding a GIF header to bypass MIME type checks, allowing the attacker to execute code vi...
PT-2023-4160 · Webmin +1 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin version 2.021 Description: A Cross-site Scripting XSS Bypass vulnerability was discovered in the file upload functionality of Webmin. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and...
PT-2023-15100 · Vocera · Vocera Voice Server +1
Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered that allows for Arbitrary File Upload. The BaseController class, which each of the service controllers derives from, permits the upload of...
PT-2023-20940 · Pluck Cms · Pluck Cms
Name of the Vulnerable Software and Affected Versions: Pluck CMS versions 4.7.15 through 4.7.16-dev4 Description: The issue is related to a Cross Site Scripting XSS vulnerability. It affects the /admin.php endpoint, allowing remote attackers to run arbitrary code via the upload of a crafted html...
PT-2023-11588 · Unknown · Nucleus Cms
Name of the Vulnerable Software and Affected Versions: NucleusCMS version 3.71 Description: The issue allows a remote attacker to execute arbitrary code. This is achieved via the "https://example.com/nucleus/plugins/skinfiles/?dir=rsd" API endpoint, where the dir parameter is set to rsd...
PT-2023-11592 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: Feehicms version 2.0.8 Description: The issue allows a remote attacker to execute arbitrary code via the "/admin/index.php?r=admin-user%2Fupdate-self" component. This is a File Upload vulnerability, which can be exploited by a remote attacker...
PT-2023-24327 · Marsctf · Marsctf
Name of the Vulnerable Software and Affected Versions: MarsCTF version 1.2.1 Description: The issue is related to an arbitrary file upload vulnerability in the interface for uploading attachments in the background. This allows for potential malicious file uploads. Recommendations: For MarsCTF...
PT-2023-23492 · Unknown · Sourcecodester Online Computer/Laptop Store
Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Computer and Laptop Store version 1.0 Description: The issue allows unrestricted file upload, which can lead to remote code execution. The vulnerability path is "/classes/Users.php?f=save". Recommendations: For version...
PT-2023-22336 · Unknown · Employee Performance Evaluation System
Name of the Vulnerable Software and Affected Versions: Employee Performance Evaluation System version 1.0 Description: The issue allows attackers to execute arbitrary code via a crafted file uploaded to the server. This is due to an arbitrary file upload vulnerability in the system...
PT-2023-16441 · Ulearn · Ulearn
Name of the Vulnerable Software and Affected Versions: Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d Description: The issue allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the...