EUVD-2020-0608

Malware in sbrugna...

EUVD-2022-1848

Malicious code in bioql PyPI...

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

CVE-2022-27140

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...

Arbitrary File Upload

express-fileupload is vulnerable to arbitrary file upload. It does not restrict an attacker from uploading a malicious PHP file to execute arbitrary code...

@aarconada/urserver (>=0.0.1 <=0.0.990), @alterior/core (>=0.0.1 <=2.0.0-b1) +195 more potentially affected by CVE-2022-27261 via express-fileupload (>=0.0.5 <=1.3.1)

express-fileupload NPM version =0.0.5, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.155, =2.0.0-alpha.0, =1.0.0, =0.12.0, =0.0.2-90, =0.0.1-alpha.151, =0.0.1-alpha.44, =0.0.1, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2022-27261 Source advisory: OSV:GHSA-W4M6-X6C2-J5C9...

Express-FileUpload Arbitrary File Overwrite

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. This vulnerability is debated by the package author...

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

CVE-2022-27140

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

CVE-2022-27140

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...

Design/Logic Flaw

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...

Arbitrary file deletion

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

CVE-2022-27261

CVE-2022-27261 describes an arbitrary file write vulnerability in Express-FileUpload v1.3.1. The issue allows uploading multiple files with the same name, leading to overwriting existing files on the web application server. Connected documents corroborate the affected product/version and impact, ...

express-fileupload 代码问题漏洞

express-fileupload is a file upload middleware by Richard Girges, an individual developer in the United States. A code issue vulnerability exists in express-fileupload v1.3.1 that allows attackers to execute arbitrary code via a crafted PHP file...

express-fileupload 代码问题漏洞

express-fileupload is a file upload middleware by Richard Girges, an individual developer in the United States. A security vulnerability exists in express-fileupload v1.3.1, which allows an attacker to upload multiple files with the same name, resulting in the overwriting of files in the web...

CVE-2022-27140

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...

PT-2022-18246 · Unknown · Express-Fileupload

Name of the Vulnerable Software and Affected Versions: express-fileupload version 1.3.1 Description: An arbitrary file upload vulnerability in the file upload module of express-fileupload allows attackers to execute arbitrary code via a crafted PHP file. The vendor's position is that the observed...

CVE-2022-27140

CVE-2022-27140 affects the express-fileupload module (version 1.3.1). The vulnerability arises from improper validation in the file upload mechanism, allowing an attacker to upload a crafted PHP file and potentially execute arbitrary code. Vendor notes this behavior can occur only with intentiona...