51 matches found
Incorrect Authorization
Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Incorrect Authorization via the upload process. An attacker can bypass team-specific file upload restrictions by uploading files in a team where...
WordPress plugin AI Engine code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...
FreeScout security vulnerability
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.206 contained security vulnerabilities; these vulnerabilities were due to an incomplete list of file upload restrictions, whic...
CVE-2020-37113
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...
QloApps security vulnerability
QloApps is a hotel management and reservation system from QloApps open source. A security vulnerability exists in QloApps version 1.7.0 and prior versions, which stems from improper file upload restrictions and could lead to remote code execution...
EUVD-2015-9180
Malware in sbrugna...
EUVD-2015-4483
Malware in sbrugna...
EUVD-2015-0353
Malware in sbrugna...
EUVD-2022-4309
Malicious code in bioql PyPI...
EUVD-2025-0234
Malicious code in bioql PyPI...
PT-2025-23160 · Huocms · Huocms
Name of the Vulnerable Software and Affected Versions: HuoCMS version 3.5.1 Description: The issue allows an attacker to exploit a flaw and bypass whitelist restrictions, enabling them to craft malicious files with specific suffixes and potentially gain control of the server. Recommendations: For...
CVE-2015-9340
The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files...
PT-2025-21594 · Unknown · Campcodes Sales/Inventory System
Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0 Description: A critical vulnerability has been found in the Campcodes Sales and Inventory System, affecting an unknown functionality of the file /pages/product.php. The manipulation of the...
PT-2025-14441 · Onlyoffice · Onlyoffice Document Server
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Document Server versions 7.5.0 and earlier Description: The issue allows a remote attacker to obtain sensitive information via a crafted file upload. This is a result of a Directory Traversal vulnerability. Recommendations: For...
GHSA-7PQ5-QCP6-MCWW CKAN has an XSS vector in user uploaded images in group/org and user profiles
Impact: Using a specially crafted file, a user could potentially upload a file containing code that, when executed, could send arbitrary requests to the server. If that file was opened by an administrator, it could lead to escalation of privileges of the original submitter or other malicious actions...
PT-2024-38594 · Unknown · Gaizhenbiao/Chuanhuchatgpt
Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240628 Description: A Denial of Service (DoS) attack can be performed by appending a large number of characters to the end of a multipart boundary when uploading a file. This causes the system to continuousl...
PT-2024-39646 · WordPress · Wp Builder
Name of the Vulnerable Software and Affected Versions: WP Builder plugin for WordPress versions up to, and including, 3.0.7 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...
CVE-2024-29368
CVE-2024-29368 affects moziloCMS v2.0, targeting the file handling module. The vulnerability enables an attacker to bypass extension restrictions by renaming uploaded files, potentially allowing arbitrary code execution or storage of malicious content. Public documentation from multiple sources c...
Arbitrary File Upload
zoujingli/thinkadmin is vulnerable to Arbitrary File Upload. The vulnerability exists because the library does not properly validate files uploaded via api/upload.php, which allows an attacker to bypass the file upload restrictions and execute malicious code on the system...
PT-2023-23964 · Unknown · Parse Javascript Sdk +1
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.4.4 and 6.1.1 Description: The issue involves a phishing attack vulnerability where a malicious user can upload an HTML file to Parse Server via its public API. This uploaded HTML file can then be accessed at...