Lucene search
K

177 matches found

Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.4 views

PT-2026-35934

Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling arbitrary code...

5.5AI score0.00375EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.11 views

Cockpit 代码问题漏洞

Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit 2.13.5 and earlier had a code vulnerability caused by improper configuration of the isFileTypeAllowed function in the Bucket component. This vulnerability could lead to arbitrary file renami...

8.8CVSS6AI score0.00375EPSS
Exploits0References1
CVE
CVE
added 2026/04/29 12:0 a.m.14 views

CVE-2026-38991

CVE-2026-38991 affects Cockpit 2.13.5 and earlier, due to a misconfiguration in the Bucket component’s _isFileTypeAllowed function that bypasses the extension filter with a crafted filename. This allows an authenticated attacker to rename arbitrary files with the .php extension and can lead to ar...

8.8CVSS5.6AI score0.00375EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/20 7:9 p.m.5 views

CVE-2026-6257

Vvveb CMS v1.0.8.2 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this logic flaw by firs...

9.2CVSS6.6AI score0.00633EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/20 7:9 p.m.30 views

CVE-2026-6257 Vvveb CMS < v1.0.8.2 Remote Code Execution via Media Management

Vvveb CMS v1.0.8.2 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this logic flaw by firs...

9.2CVSS0.00633EPSS
Exploits0References2
CVE
CVE
added 2026/04/20 7:9 p.m.20 views

CVE-2026-6257

CVE-2026-6257 affects Vvveb CMS v1.0.8. A missing return in the file rename handler in the media management module enables an authenticated user to perform a two-step file-rename: first upload a text file, rename to “.htaccess” to inject PHP MIME-type directives, then rename another file to “.php...

9.2CVSS6.6AI score0.00633EPSS
Exploits0References2
CVE
CVE
added 2026/01/30 10:7 p.m.37 views

CVE-2020-37023

Koken CMS 0.22.24 has an arbitrary file upload vulnerability. Authenticated attackers can bypass extension checks by renaming PHP files and upload them with system command execution capabilities, via manipulated file upload requests (e.g., through a web proxy). The impact is high (C/V). No remedi...

8.8CVSS6AI score0.00601EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/28 12:29 p.m.3 views

CVE-2020-36988 PDW File Browser <= v1.3 - Cross-Site Scripting (XSS)

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

5.4CVSS6AI score0.00207EPSS
Exploits0References3
CVE
CVE
added 2026/01/28 12:29 p.m.11 views

CVE-2020-36988

PDW File Browser

5.4CVSS6AI score0.00207EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 12:29 p.m.4 views

CVE-2020-36988

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

5.4CVSS6AI score0.00207EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/28 12:29 p.m.33 views

CVE-2020-36988 PDW File Browser <= v1.3 - Cross-Site Scripting (XSS)

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

5.4CVSS0.00207EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/28 12:29 p.m.5 views

EUVD-2020-30896

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

5.4CVSS6AI score0.00207EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:31 a.m.6 views

CVE-2017-18449

cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convertroundcubemysql2sqlite SEC-254...

5.5CVSS7AI score0.0034EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/05 1:29 p.m.5 views

CVE-2023-50897 WordPress Media File Renamer plugin <= 5.7.7 - Arbitrary File Rename lead to RCE vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files.This issue affects Media File Renamer: from n/a through 5.7.7...

9.1CVSS6.6AI score0.00282EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/05 1:29 p.m.28 views

CVE-2023-50897 WordPress Media File Renamer plugin <= 5.7.7 - Arbitrary File Rename lead to RCE vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files.This issue affects Media File Renamer: from n/a through 5.7.7...

9.1CVSS0.00282EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.6 views

PT-2025-51306

Name of the Vulnerable Software and Affected Versions Zomplog version 3.9 Description An authenticated attacker can inject and execute arbitrary PHP code through file manipulation endpoints. This is achieved by uploading malicious JavaScript files, renaming them to PHP, and then executing system...

8.8CVSS7.1AI score0.00824EPSS
Exploits1References6
NVD
NVD
added 2025/12/11 5:15 p.m.6 views

CVE-2025-65474

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...

9.8CVSS0.00455EPSS
Exploits1References2
OSV
OSV
added 2025/12/11 5:15 p.m.4 views

CVE-2025-65474

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...

9.8CVSS7.8AI score
Exploits0References2
NVD
NVD
added 2025/12/11 5:15 p.m.3 views

CVE-2025-65473

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...

9.1CVSS0.00489EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/11 12:0 a.m.9 views

EUVD-2025-202703

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...

9.1CVSS7.2AI score0.00489EPSS
Exploits1References3
Rows per page
Query Builder