Lucene search
K

16 matches found

Packet Storm News
Packet Storm News
added 2026/04/03 12:0 a.m.16 views

OWASP CRS Arbitrary File Upload

A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This has been addressed in versions 3.3.9, 4.25.x LTS, and 4.8.x...

6.8CVSS5.8AI score0.02172EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/24 11:27 a.m.20 views

CVE-2019-25647 PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...

8.8CVSS0.00798EPSS
Exploits1References4
CVE
CVE
added 2026/01/30 10:7 p.m.37 views

CVE-2020-37023

Koken CMS 0.22.24 has an arbitrary file upload vulnerability. Authenticated attackers can bypass extension checks by renaming PHP files and upload them with system command execution capabilities, via manipulated file upload requests (e.g., through a web proxy). The impact is high (C/V). No remedi...

8.8CVSS6AI score0.00601EPSS
Exploits0References5
NVD
NVD
added 2026/01/15 4:16 p.m.15 views

CVE-2021-47753

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...

9.8CVSS0.00671EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.7 views

phpKF CMS security vulnerability

phpKF CMS is a content management system developed by the Turkish company phpKF. The phpKF CMS 3.00 Beta y6 version contains a security vulnerability. This vulnerability stems from an unverified file upload function, which may bypass file extension checks, allowing remote code execution...

9.8CVSS6.1AI score0.00671EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/12/22 7:21 a.m.13 views

CVE-2023-53950

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

9.8CVSS7AI score0.00559EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/19 9:30 p.m.5 views

EUVD-2025-204602

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

9.8CVSS6.5AI score0.00559EPSS
Exploits0References4
NVD
NVD
added 2025/12/19 9:15 p.m.67 views

CVE-2023-53950

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

9.8CVSS0.00559EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2005-1958

Malware in sbrugna...

5CVSS6.4AI score0.01398EPSS
Exploits0References3
NVD
NVD
added 2025/09/12 11:15 a.m.3 views

CVE-2025-10267

NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side...

6.9CVSS0.00385EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/15 9:29 p.m.11 views

CVE-2011-10009

S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending...

8.7CVSS7.6AI score0.0156EPSS
Exploits0References1
Snyk
Snyk
added 2025/06/03 6:43 p.m.2 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload through a manipulated API request. An attacker can upload unauthorized files by crafting a request that bypasses the configured file extension checks. Remediation Upgrade Umbraco.Cms.Core to version 15.4.2,...

7.1CVSS7.1AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 2025/01/06 5:15 p.m.2 views

UBUNTU-CVE-2023-6601

A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...

4.7CVSS6.7AI score0.0039EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.4 views

Mozilla Firefox ESR 安全漏洞

Mozilla Firefox ESR is an extended support release of Firefox web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox ESR prior to version 102.10, which originates from a line break in a filename that can bypass the file extension security...

9.8CVSS7.9AI score0.0094EPSS
Exploits0References8
OSV
OSV
added 2022/06/24 3:15 p.m.5 views

CVE-2022-2102

Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file...

7.5CVSS5.9AI score0.00847EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/18 12:0 a.m.3 views

Arbitrary File Upload Vulnerability in KesionCms Latest Version X2.0.170329 Backend

KesionCMS intelligent website building system is a set of intelligent website building system developed by Xiamen Kesion Software Ltd. using ASP+ACCESS/MSSQL database architecture. KesionCms latest version X2.0.170329 there are arbitrary file upload vulnerability, the vulnerability stems from the...

7.1AI score
Exploits0
Rows per page
Query Builder