16 matches found
OWASP CRS Arbitrary File Upload
A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This has been addressed in versions 3.3.9, 4.25.x LTS, and 4.8.x...
CVE-2019-25647 PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...
CVE-2020-37023
Koken CMS 0.22.24 has an arbitrary file upload vulnerability. Authenticated attackers can bypass extension checks by renaming PHP files and upload them with system command execution capabilities, via manipulated file upload requests (e.g., through a web proxy). The impact is high (C/V). No remedi...
CVE-2021-47753
phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...
phpKF CMS security vulnerability
phpKF CMS is a content management system developed by the Turkish company phpKF. The phpKF CMS 3.00 Beta y6 version contains a security vulnerability. This vulnerability stems from an unverified file upload function, which may bypass file extension checks, allowing remote code execution...
CVE-2023-53950
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...
EUVD-2025-204602
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...
CVE-2023-53950
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...
EUVD-2005-1958
Malware in sbrugna...
CVE-2025-10267
NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side...
CVE-2011-10009
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload through a manipulated API request. An attacker can upload unauthorized files by crafting a request that bypasses the configured file extension checks. Remediation Upgrade Umbraco.Cms.Core to version 15.4.2,...
UBUNTU-CVE-2023-6601
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...
Mozilla Firefox ESR 安全漏洞
Mozilla Firefox ESR is an extended support release of Firefox web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox ESR prior to version 102.10, which originates from a line break in a filename that can bypass the file extension security...
CVE-2022-2102
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file...
Arbitrary File Upload Vulnerability in KesionCms Latest Version X2.0.170329 Backend
KesionCMS intelligent website building system is a set of intelligent website building system developed by Xiamen Kesion Software Ltd. using ASP+ACCESS/MSSQL database architecture. KesionCms latest version X2.0.170329 there are arbitrary file upload vulnerability, the vulnerability stems from the...