CVE-2025-8859

CVE-2025-8859 affects code-projects’ eBlog Site 1.0, specifically the File Upload Module function in the file /native/admin/save-slider.php. The vulnerability involves unrestricted file upload, reported as exploitable remotely. Public disclosure exists, and multiple sources reinforce that an atta...

CVE-2023-3800

A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack i...

Design/Logic Flaw

A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack i...

CVE-2023-3800 EasyAdmin8 File Upload Module index.html unrestricted upload

A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack i...

CVE-2023-3800 EasyAdmin8 File Upload Module index.html unrestricted upload

A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack i...

PT-2023-26244 · Unknown · Easyadmin8

Name of the Vulnerable Software and Affected Versions: EasyAdmin8 version 2.0.2.2 Description: A vulnerability has been found in the File Upload Module of EasyAdmin8, affecting an unknown function of the file /admin/index/index.html/admin/mall.goods/index.html. This issue leads to unrestricted...

Connect-Multiparty allows arbitrary file upload

An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. NOTE: the Supplier has not verified this vulnerability report...

Design/Logic Flaw

An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file...

Design/Logic Flaw

An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename...

CVE-2022-29354

CVE-2022-29354 concerns Keystone CMS, version 4.2.1. The vulnerability is in the File Upload module, where an arbitrary file upload allows an attacker to execute arbitrary code via a crafted file. The description and connected sources confirm the affected software/component and the risk of remote...

Keystone 代码问题漏洞

Keystone is a powerful CMS designed to help you build and scale faster than any other Cms or application framework. A security vulnerability exists in Keystone version 4.2.1, which stems from an arbitrary file upload issue in the File Upload module. An attacker can execute arbitrary code via a...

GHSA-9QGM-W87Q-HX89 Unrestricted Upload of File with Dangerous Type in Strapi

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

Unrestricted Upload of File with Dangerous Type in Strapi

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

Design/Logic Flaw

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...

Design/Logic Flaw

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional...

Design/Logic Flaw

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

CVE-2022-27952

An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file...

CVE-2022-27139

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...

CVE-2022-27139

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...

Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities

Document Title: =============== Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1166 Release Date: ============= 2013-12-10 Vulnerability Laboratory ID VL-ID:...