Lucene search
K

45731 matches found

Snyk
Snyk
added 2026/05/29 9:14 p.m.3 views

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the defaultSanitizer function in FileAdder.php. An attacker can upload files with double extensions or omitted executable extensions, potentially leading to remote code execution by bypassing fil...

8.8CVSS6.4AI score0.0044EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 8:16 p.m.13 views

CVE-2026-48557

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...

8.8CVSS0.0044EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.9 views

CVE-2026-30761

An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file...

7.3CVSS6.2AI score0.00358EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 7:49 p.m.36 views

CVE-2026-48557 Spatie Laravel Media Library < 11.23.0 File Upload Restriction Bypass via FileAdder.php

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...

8.8CVSS0.0044EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:49 p.m.10 views

CVE-2026-48557

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...

8.8CVSS5.8AI score0.0044EPSS
Exploits0References5
CVE
CVE
added 2026/05/29 7:49 p.m.42 views

CVE-2026-48557

The CVE affects Spatie Laravel Media Library prior to 11.23.0. In FileAdder::defaultSanitizer(), the file upload filter only checks the final filename suffix, allowing double-extension names like shell.php.jpg to bypass the blocklist, since inner .php stems are preserved by pathinfo(). The blockl...

8.8CVSS5.8AI score0.0044EPSS
Exploits0References4
NVD
NVD
added 2026/05/29 4:16 p.m.13 views

CVE-2018-25388

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksifoto.php, aksiuser.php, and aksikecamatan.php to execute arbitrary...

8.8CVSS0.00519EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 4:3 p.m.10 views

CVE-2026-45663 Dokploy: Remote Code Execution via destinationPath in Container File Upload

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly...

9.9CVSS6.1AI score0.00866EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 4:3 p.m.9 views

EUVD-2026-33348

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly...

9.9CVSS6.1AI score0.00866EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 4:3 p.m.17 views

CVE-2026-45663

Dokploy (PaaS) contains a command injection vulnerability in the Docker file upload flow prior to 0.29.1. The destinationPath parameter is not sanitized and is interpolated into a shell command, allowing an authenticated user who uploads a file to a container to inject shell metacharacters (e.g.,...

9.9CVSS6.1AI score0.00866EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:3 p.m.8 views

CVE-2026-45663

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly...

9.9CVSS6.1AI score0.00866EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/29 3:16 p.m.10 views

CVE-2026-39292

Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types...

7.3CVSS0.00472EPSS
Exploits1References2
CVE
CVE
added 2026/05/29 2:46 p.m.13 views

CVE-2018-25388

HaPe PKH 1.1 has an arbitrary file upload vulnerability that bypasses file type validation, allowing authenticated attackers to upload PHP files and execute arbitrary code on the server. Affected endpoints include aksi_foto.php, aksi_user.php, and aksi_kecamatan.php. CVSS metrics indicate high im...

8.8CVSS6.3AI score0.00519EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.10 views

EUVD-2018-21910

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksifoto.php, aksiuser.php, and aksikecamatan.php to execute arbitrary...

8.8CVSS6.3AI score0.00519EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.8 views

CVE-2018-25388 HaPe PKH 1.1 Arbitrary File Upload via aksi_foto.php

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksifoto.php, aksiuser.php, and aksikecamatan.php to execute arbitrary...

8.8CVSS6.3AI score0.00519EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/29 2:46 p.m.30 views

CVE-2018-25388 HaPe PKH 1.1 Arbitrary File Upload via aksi_foto.php

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksifoto.php, aksiuser.php, and aksikecamatan.php to execute arbitrary...

8.8CVSS0.00519EPSS
Exploits0References4
NVD
NVD
added 2026/05/29 2:16 p.m.18 views

CVE-2026-10072

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.6CVSS0.00456EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 1:16 p.m.14 views

CVE-2026-10071

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

9.8CVSS0.00508EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 12:36 p.m.21 views

CVE-2026-10072

DreamMaker (Interinfo) is affected by an Arbitrary File Upload vulnerability that enables privileged remote attackers to upload and execute web shell backdoors, resulting in arbitrary code execution on the server. The issue is documented in CVE-2026-10072 with CVSS metrics indicating high severit...

8.6CVSS6.4AI score0.00456EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/29 12:36 p.m.12 views

CVE-2026-10072 Interinfo|DreamMaker - Arbitrary File Upload

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.6CVSS6.4AI score0.00456EPSS
Exploits0References2
Rows per page
Query Builder