94 matches found
CVE-2018-19196
An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types jpg, jpeg, bmp, png, gif, as demonstrated by an...
CVE-2022-23043
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...
CVE-2019-7861
Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...
EUVD-2019-3545
Malware in sbrugna...
EUVD-2015-9181
Malware in sbrugna...
EUVD-2002-2309
Malware in sbrugna...
EUVD-2019-17344
Malware in sbrugna...
EUVD-2015-0164
Malware in sbrugna...
EUVD-2022-1919
Malicious code in bioql PyPI...
EUVD-2022-0870
Malicious code in bioql PyPI...
EUVD-2022-2186
Malicious code in bioql PyPI...
EUVD-2022-1451
Malicious code in bioql PyPI...
PT-2025-30536 · Samsung · Magicinfo 9 Server
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: A flaw exists in Samsung Electronics MagicINFO 9 Server that allows code injection through the unrestricted upload of files with dangerous types. Recommendations: Update MagicINFO 9...
PT-2025-27923 · Unknown · Fw Gallery
Name of the Vulnerable Software and Affected Versions: FW Gallery versions n/a through 8.0.0 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. Recommendations: For FW Gallery versions n/a through 8.0.0, consider restricti...
CVE-2024-22724
An issue was discovered in osCommerce v4 that allows local attackers to bypass file upload restrictions and execute arbitrary code via the administrator profile photo upload feature...
CVE-2023-52044
Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension...
CVE-2021-44912
In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is...
CVE-2019-7930
A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal o...
CVE-2015-9339
The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files...
PT-2025-22055 · Dkszone · Dkszone Eximius
Name of the Vulnerable Software and Affected Versions: dkszone Eximius versions n/a through 2.2 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. Recommendations: For versions n/a through 2.2, consider restricting file...