73 matches found
Liferay Portal和Liferay DXP 代码问题漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
Havalite CMS 安全漏洞
Havalite CMS is a content management system for Havalite Personal Developers. A security vulnerability exists in Havalite CMS version 1.1.7 and earlier, which stems from insufficient file upload validation and could lead to remote code execution...
Time Line 代码问题漏洞
Time Line is a timeline application from the Time Line Official individual developer. A code issue vulnerability exists in Time Line that stems from insufficient file upload validation, which could result in a malicious file upload or denial of service...
(0Day) Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileUploadBytes method. The issue results...
CVE-2025-49135 CVAT missing validation for in-progress backup upload names
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the...
Exploit for Unrestricted Upload of File with Dangerous Type in Efrotech Timetrax
CVE-2025-46157 CVE-2025-46157 – Timetrax V1 2025 Remote Co...
CVE-2025-4954
The CVE-2025-4954 entry concerns the WordPress plugin Axle Demo Importer (up to version 1.0.3). The vulnerability arises because the plugin does not validate uploaded files, allowing authenticated users (author level and above) to upload arbitrary files such as PHP to the server. This is stated d...
CVE-2024-47823
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...
CVE-2025-29017
A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...
CVE-2025-29017
A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...
CVE-2025-29017
Code Astro Internet Banking System 2.0.0 is reported vulnerable via the profile_pic parameter in pages_view_client.php due to improper file upload validation, allowing an attacker to upload a malicious PHP file and achieve Remote Code Execution (RCE). The linked exploit/documentation describes by...
PT-2025-15988 · Unknown · Codeastro Internet Banking System
Name of the Vulnerable Software and Affected Versions: Code Astro Internet Banking System version 2.0.0 Description: A Remote Code Execution RCE vulnerability exists due to improper file upload validation in the profile pic parameter within pages view client.php. Recommendations: Code Astro...
CVE-2025-29017
A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...
CVE-2025-29017
A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...
WordPress plugin Inline Image Upload for BBPress 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in...
IBM Security ReaQta Code Issue Vulnerability
IBM Security ReaQta is an AI autonomous detection and response platform from International Business Machines IBM. IBM Security ReaQta version 3.12 suffers from a code issue vulnerability that stems from the application's lack of effective validation of uploaded files. An attacker can exploit the...
CVE-2025-0526
In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...
CVE-2024-9422
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...
CVE-2024-9422 GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...
Shilpi Client Dashboard 代码问题漏洞
Shilpi Client Dashboard is a centralized dashboard from Shilpi. A code issue vulnerability exists in Shilpi Client Dashboard versions prior to 9.7.0 that stems from improper validation of uploaded files other than those with specified extensions, which could lead to remote code execution on the...