Lucene search
K

53 matches found

Positive Technologies
Positive Technologies
added 2024/04/30 12:0 a.m.5 views

PT-2024-30592 · Sourcecodester · Sourcecodester Pisay Online E-Learning System

Name of the Vulnerable Software and Affected Versions: SourceCodester Pisay Online E-Learning System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Pisay Online E-Learning System, affecting an unknown functionality of the file /lesson/controller.php. The...

7.5CVSS7.4AI score0.01035EPSS
Exploits1References8
OSV
OSV
added 2024/04/09 6:52 p.m.19 views

GHSA-V24P-7P4J-QVVF Contao: Cross site scripting in the file manager

Impact Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the backend. Patches Update to Contao 4.13.40 or Contao 5.3.4. Workarounds Disable uploads for untrusted users. References...

5.4CVSS5.4AI score0.00502EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/04/09 6:52 p.m.24 views

Contao: Cross site scripting in the file manager

Impact Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the backend. Patches Update to Contao 4.13.40 or Contao 5.3.4. Workarounds Disable uploads for untrusted users. References...

5.4CVSS7.1AI score0.00502EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/04/09 1:48 p.m.21 views

CVE-2024-28190 Contao core bundle vulnerable to cross site scripting in the file manager

Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files back end and front end, which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 an...

5.4CVSS5.6AI score0.00502EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.4 views

PT-2024-22434 · Twenty · Twenty

Name of the Vulnerable Software and Affected Versions: Twenty version 0.3.0 Description: The CRM platform is vulnerable to stored cross-site scripting via file upload. A crafted svg file can trigger the execution of the javascript code. Recommendations: For version 0.3.0, consider disabling the...

7.6CVSS6.3AI score0.00674EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/03/23 12:0 a.m.4 views

PT-2024-22448 · Sourcecodester · Sourcecodester Simple File Manager

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple File Manager version 1.0 Description: A critical vulnerability was found in the software, affecting unknown code. The manipulation of the photo argument leads to unrestricted upload. The attack can be initiated remotely...

9.8CVSS7.4AI score0.00909EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.5 views

PT-2024-21248 · Openolat · Openolat

Name of the Vulnerable Software and Affected Versions: OpenOlat versions 18.1.5 and lower Description: The issue is a stored Cross-Site Scripting XSS vulnerability. It allows authenticated users to upload files within the Media Center without additional rights. Although file types are limited, an...

5.4CVSS5.2AI score0.0055EPSS
Exploits3References8
Positive Technologies
Positive Technologies
added 2024/01/29 12:0 a.m.5 views

PT-2024-2036 · Otrs · Otrs

Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.48 OTRS versions 8.0.X through 8.0.37 OTRS versions 2023 through 2023.1.1 Description: The issue is related to an Improper Input Validation vulnerability in the upload functionality for user avatars, which allo...

10CVSS9.6AI score0.00253EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/01/04 12:0 a.m.5 views

PT-2024-13967 · Unknown · Online Notice Board System

Name of the Vulnerable Software and Affected Versions: Online Notice Board System version 1.0 Description: The issue is related to an Insecure File Upload vulnerability. This vulnerability is located in the f parameter of the "user/update profile pic.php" page, allowing an authenticated attacker ...

8.8CVSS7.4AI score0.01213EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2023/10/04 12:0 a.m.5 views

PT-2023-29009 · Unknown · Prison Management System

Name of the Vulnerable Software and Affected Versions: Personal Management System version 1.4.64 Description: The issue allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. Recommendations: For Personal Management System version 1.4.64, conside...

7.8CVSS7.8AI score0.00576EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.6 views

PT-2023-26619 · Boidcms · Boidcms

Name of the Vulnerable Software and Affected Versions: BoidCMS version 2.0.0 Description: A remote attacker can execute arbitrary code by exploiting a file upload vulnerability in BoidCMS. This is achieved by adding a GIF header to bypass MIME type checks, allowing the attacker to execute code vi...

8.8CVSS8.9AI score0.69003EPSS
Exploits8References13
Positive Technologies
Positive Technologies
added 2023/07/31 12:0 a.m.4 views

PT-2023-4160 · Webmin +1 · Webmin +1

Name of the Vulnerable Software and Affected Versions: Webmin version 2.021 Description: A Cross-site Scripting XSS Bypass vulnerability was discovered in the file upload functionality of Webmin. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and...

6.4CVSS5.8AI score0.00531EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.6 views

PT-2023-15100 · Vocera · Vocera Voice Server +1

Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered that allows for Arbitrary File Upload. The BaseController class, which each of the service controllers derives from, permits the upload of...

9.8CVSS6.8AI score0.00683EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/06/26 12:0 a.m.6 views

PT-2023-20940 · Pluck Cms · Pluck Cms

Name of the Vulnerable Software and Affected Versions: Pluck CMS versions 4.7.15 through 4.7.16-dev4 Description: The issue is related to a Cross Site Scripting XSS vulnerability. It affects the /admin.php endpoint, allowing remote attackers to run arbitrary code via the upload of a crafted html...

4.8CVSS5.1AI score0.00592EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/06/20 12:0 a.m.4 views

PT-2023-11588 · Unknown · Nucleus Cms

Name of the Vulnerable Software and Affected Versions: NucleusCMS version 3.71 Description: The issue allows a remote attacker to execute arbitrary code. This is achieved via the "https://example.com/nucleus/plugins/skinfiles/?dir=rsd" API endpoint, where the dir parameter is set to rsd...

9.8CVSS7.7AI score0.01169EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/06/20 12:0 a.m.7 views

PT-2023-11592 · Feehicms · Feehicms

Name of the Vulnerable Software and Affected Versions: Feehicms version 2.0.8 Description: The issue allows a remote attacker to execute arbitrary code via the "/admin/index.php?r=admin-user%2Fupdate-self" component. This is a File Upload vulnerability, which can be exploited by a remote attacker...

9.8CVSS7.7AI score0.01314EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/06/05 12:0 a.m.11 views

PT-2023-24327 · Marsctf · Marsctf

Name of the Vulnerable Software and Affected Versions: MarsCTF version 1.2.1 Description: The issue is related to an arbitrary file upload vulnerability in the interface for uploading attachments in the background. This allows for potential malicious file uploads. Recommendations: For MarsCTF...

9.8CVSS7AI score0.01007EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/05/16 12:0 a.m.4 views

PT-2023-23492 · Unknown · Sourcecodester Online Computer/Laptop Store

Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Computer and Laptop Store version 1.0 Description: The issue allows unrestricted file upload, which can lead to remote code execution. The vulnerability path is "/classes/Users.php?f=save". Recommendations: For version...

9.8CVSS7.8AI score0.01519EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.3 views

PT-2023-22336 · Unknown · Employee Performance Evaluation System

Name of the Vulnerable Software and Affected Versions: Employee Performance Evaluation System version 1.0 Description: The issue allows attackers to execute arbitrary code via a crafted file uploaded to the server. This is due to an arbitrary file upload vulnerability in the system...

8.8CVSS8.8AI score0.00955EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.6 views

PT-2023-16441 · Ulearn · Ulearn

Name of the Vulnerable Software and Affected Versions: Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d Description: The issue allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the...

7.2CVSS8.2AI score0.01018EPSS
Exploits0References4
Rows per page
Query Builder