3575 matches found
CVE-2022-1206
CVE-2022-1206 concerns the WordPress plugin AdRotate Banner Manager. The vulnerability is an arbitrary file upload caused by missing file extension sanitization in the adrotate_insert_media() function, affecting all versions up to and including 5.13.2. It requires authenticated access at administ...
CVE-2024-7775 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...
Security Bulletin: Multiple Apache Solr Vulnerabilities Affect IBM OpenPages
Summary: Apache Solr package is used by IBM OpenPages for the Search Server. Multiple vulnerabilities are being disclosed from Apache Solr within this bulletin. These vulnerabilities are addressed. Vulnerability Details: CVEID: CVE-2023-50386 DESCRIPTION: Apache Solr could allow a remote attacker to...
CVE-2024-40705 IBM InfoSphere Information Server denial of service
IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279...
CVE-2024-40705
CVE-2024-40705 : IBM InfoSphere Information Server (InfoSphere Information Governance Catalog) contains an unrestricted file upload vulnerability that could allow an authenticated user to exhaust file space resources. The primary impact is resource depletion (availability impact). Affected produc...
CVE-2024-4389
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with contributor access or higher...
CVE-2024-4389 Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.1.1 - Authenticated (Contributor+) Arbitrary File Upload
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with contributor access or higher...
CVE-2024-4389
CVE-2024-4389 affects Slider & Carousel Slider (Depicter) for WordPress; all versions up to 3.1.1 permit arbitrary file uploads due to missing file type validation in uploadFile, enabling authenticated users with Contributor+ access to upload files and potentially achieve remote code execution. T...
CVE-2024-6823
The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible for authenticated attackers, with Author-level...
EUVD-2024-47839
The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible for authenticated attackers, with Author-level...
WordPress plugin Media Library Assistant security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2024-6010 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which could result in arbitrary code execution by an attacker. An attacker cou...
CVE-2024-6315
The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function in all versions up to, and including, 1.0.65. This makes it possible for authenticated attackers, with contributor-level and above permissions,...
CVE-2024-7484
The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handleuploadedfiles' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to...
CVE-2024-6315
CVE-2024-6315 concerns Blox Page Builder for WordPress. The vulnerability stems from missing file-type validation in the handleUploadFile function across versions up to 1.0.65, enabling authenticated users with contributor+ permissions to upload arbitrary files to the server; this could enable re...
itsourcecode Laravel Accounting System code issue vulnerability
itsourcecode Laravel Accounting System is an accounting system from itsourcecode, Inc. A code issue vulnerability exists in version 1.0 of itsourcecode Laravel Accounting System, which stems from an incorrect manipulation of the parameter image that can lead to unrestricted file uploads...
itsourcecode Airline Reservation System code issue vulnerability
itsourcecode Airline Reservation System is an airline reservation system from itsourcecode, Inc. A code issue vulnerability exists in version 1.0 of itsourcecode Airline Reservation System, which stems from an incorrect manipulation of the parameter img that can lead to unlimited file uploads...
PT-2024-5834 · Poly · Poly Clariti Manager
Name of the Vulnerable Software and Affected Versions: Poly Clariti Manager versions up to 10.10.2.2 Description: A vulnerability was discovered in the Poly Clariti Manager devices, related to the firmware not properly sanitizing user input. This issue is also associated with an unlimited upload ...
CVE-2024-7257
CVE-2024-7257 affects YayExtra – WooCommerce Extra Product Options (WordPress plugin) versions up to 1.3.7, with unauthenticated arbitrary file uploads via handle_upload_file. This user‑level vulnerability could enable remote code execution on affected sites. A patch is available in version 1.3.8...
WordPress plugin YayExtra security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...