Lucene search

94 matches found

RedhatCVE
added 2026/01/09 12:1 p.m. · 8 views

CVE-2018-19196

An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types jpg, jpeg, bmp, png, gif, as demonstrated by an...

9.8 CVSS · 8.2 AI score · 0.033 EPSS
Exploits 1 · References 1

RedhatCVE
added 2026/01/09 10:54 a.m. · 6 views

CVE-2022-23043

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...

7.2 CVSS · 6.9 AI score · 0.01436 EPSS
Exploits 1 · References 1

RedhatCVE
added 2026/01/07 9:33 a.m. · 11 views

CVE-2019-7861

Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...

7.5 CVSS · 6.8 AI score · 0.02044 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2002-2309

Malware in sbrugna...

5.8 CVSS · 6.4 AI score · 0.01899 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 10 views

EUVD-2015-9181

Malware in sbrugna...

7.5 CVSS · 7.6 AI score · 0.01389 EPSS
Exploits 1 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-3545

Malware in sbrugna...

9.8 CVSS · 9.5 AI score · 0.02314 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-17344

Malware in sbrugna...

10 CVSS · 9.5 AI score · 0.68369 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2015-0164

Malware in sbrugna...

6.5 CVSS · 6.4 AI score · 0.01129 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-2186

Malicious code in bioql PyPI...

9 CVSS · 7.2 AI score · 0.02421 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 12 views

EUVD-2022-1919

Malicious code in bioql PyPI...

9.1 CVSS · 9.1 AI score · 0.04213 EPSS
Exploits 1 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-1451

Malicious code in bioql PyPI...

8.2 CVSS · 7.2 AI score · 0.0087 EPSS
Exploits 1 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-0870

Malicious code in bioql PyPI...

7.2 CVSS · 7 AI score · 0.01436 EPSS
Exploits 1 · References 6

Positive Technologies
added 2025/07/23 12:0 a.m. · 4 views

PT-2025-30536 · Samsung · Magicinfo 9 Server

Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: A flaw exists in Samsung Electronics MagicINFO 9 Server that allows code injection through the unrestricted upload of files with dangerous types. Recommendations: Update MagicINFO 9...

9.8 CVSS · 6.7 AI score · 0.00597 EPSS
Exploits 0 · References 6

Positive Technologies
added 2025/07/04 12:0 a.m. · 3 views

PT-2025-27923 · Unknown · Fw Gallery

Name of the Vulnerable Software and Affected Versions: FW Gallery versions n/a through 8.0.0 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. Recommendations: For FW Gallery versions n/a through 8.0.0, consider restricti...

10 CVSS · 6.5 AI score · 0.00338 EPSS
Exploits 0 · References 4

RedhatCVE
added 2025/05/23 7:33 a.m. · 5 views

CVE-2024-22724

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature...

6.6 CVSS · 7.7 AI score · 0.00309 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 1:47 a.m. · 15 views

CVE-2023-52044

Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution RCE as there is no restriction for uploading files with the .php8 extension...

9.8 CVSS · 7.5 AI score · 0.00768 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 6:10 p.m. · 4 views

CVE-2021-44912

In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is...

5.4 CVSS · 6 AI score · 0.00479 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 10:38 a.m. · 7 views

CVE-2019-7930

A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal o...

9 CVSS · 7.5 AI score · 0.02421 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 2:26 a.m. · 6 views

CVE-2015-9339

The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files...

7.5 CVSS · 7.2 AI score · 0.01389 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/05/19 12:0 a.m. · 2 views

PT-2025-22055 · Dkszone · Dkszone Eximius

Name of the Vulnerable Software and Affected Versions: dkszone Eximius versions n/a through 2.2 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. Recommendations: For versions n/a through 2.2, consider restricting file...

9.9 CVSS · 9.4 AI score · 0.00428 EPSS
Exploits 0 · References 4