35 matches found
CVE-2025-7895
The CVE-2025-7895 entry concerns harry0703 MoneyPrinterTurbo (up to 1.2.6). The vulnerable component is the File Extension Handler, specifically the function upload_bgm_file in app/controllers/v1/video.py. The root cause is manipulation of the File argument, enabling unrestricted (arbitrary) file...
CVE-2024-8338
A vulnerability was found in HFO4 shudong-share 2.4.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /includes/fileReceive.php of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. Th...
CVE-2024-8338
CVE-2024-8338 affects HFO4 shudong-share 2.4.7. The vulnerability is in /includes/fileReceive.php of the File Extension Handler, where manipulating the file argument enables unrestricted remote upload. The exploit has been disclosed publicly and, per sources, this issue affects products no longer...
PT-2024-38953 · Unknown · Hfo4 Shudong-Share
Name of the Vulnerable Software and Affected Versions: HFO4 shudong-share version 2.4.7 Description: A critical vulnerability was found in the file /includes/fileReceive.php of the component File Extension Handler. The manipulation of the file argument leads to unrestricted upload. The attack can...
CVE-2024-7904
A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/filemanagecontrol.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack may be...
CVE-2024-7904
A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/filemanagecontrol.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack may be...
CVE-2024-7904
CVE-2024-7904 affects DedeBIZ 6.3.0. The vulnerability lies in the File Extension Handler’s admin/file_manage_control.php where the upfile1 parameter enables unrestricted file upload, enabling remote exploitation as disclosed. Evidence across multiple sources confirms the impact is unrestricted u...
CVE-2024-7904 DedeBIZ File Extension file_manage_control.php unrestricted upload
A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/filemanagecontrol.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack may be...
CVE-2024-7903
A vulnerability was found in DedeBIZ 6.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/mediaadd.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack can be...
CVE-2024-7903 DedeBIZ File Extension media_add.php unrestricted upload
A vulnerability was found in DedeBIZ 6.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/mediaadd.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack can be...
CVE-2024-2565
A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to...
CVE-2024-2565
A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to...
CVE-2024-2565 PandaXGO PandaX File Extension upload.go unrestricted upload
A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to...
CVE-2024-2565 PandaXGO PandaX File Extension upload.go unrestricted upload
A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to...
SUSE CVE-2007-3845
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant ...