PT-2024-25704
Name of the Vulnerable Software and Affected Versions: WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress versions up to, and including, 3.4.3 Description: The issue is related to arbitrary file uploads due to missing file type validation in the wpstg processing AJAX...
Remote Code Execution (RCE)
ezsystems/ezpublish-kernel is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of file uploads, which can lead to remote code execution...
IBM Security Guardium Code Issue Vulnerability (CNVD-2024-24727)
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provides data protection capabilities. The platform includes features such as a custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from a code issue vulnerabili...
PT-2024-26563 · O2Oa · O2Oa
Name of the Vulnerable Software and Affected Versions: O2OA version 8.3.8 Description: The issue allows attackers to execute arbitrary code by uploading a crafted PDF file, exploiting an arbitrary file upload vulnerability. Recommendations: For O2OA version 8.3.8, consider restricting file upload...
CVE-2024-5084
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fileuploadaction' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files ...
CVE-2024-5084 Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fileuploadaction' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files ...
Hash Form – Drag & Drop Form Builder < 1.1.1 - Unauthenticated Arbitrary File Upload to Remote Code Execution
Description The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fileuploadaction' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload...
CVE-2024-33529
ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types...
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
Impact This CVE covers the ability of 3rd party websites to access routes and upload files to users running Gradio applications locally. For example, the malicious owners of www.dontvisitme.com could put a script on their website that uploads a large file to http://localhost:7860/upload and anyon...
PT-2024-25299 · Ilias · Ilias
Name of the Vulnerable Software and Affected Versions: ILIAS versions 7.0 through 7.29 ILIAS versions 8.0 through 8.10 ILIAS version 9.0 Description: The issue allows remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous...
WordPress plugin ActiveDEMAND Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress plugin XStore Core Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
PT-2024-23995 · Unknown · Copymatic – Ai Content Writer & Generator
Name of the Vulnerable Software and Affected Versions: Copymatic – AI Content Writer & Generator versions 1.6 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the Copymatic – AI Content Writer & Generator. This allows for the uploa...
Simple Online Bidding System Code Issue Vulnerability
Simple Online Bidding System is an online bidding system by the individual developer oretnom23. A code issue vulnerability exists in Simple Online Bidding System version 1.0, which stems from not limiting the number of file uploads...
LoLLMs Security Vulnerabilities
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs that stems from the installmodel function in lollmscore/lollms/binding.py not properly sanitizing the file protocol and other inputs, resulting...
PT-2024-28041 · Unknown · Imartinez/Privategpt
Name of the Vulnerable Software and Affected Versions: imartinez/privategpt affected versions not specified Description: A stored Cross-Site Scripting XSS issue exists due to improper validation of file uploads. Attackers can exploit this by uploading malicious HTML files containing JavaScript...
EZsystems Remote code execution in file uploads
This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handle file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if...
GHSA-9895-26WR-4FGV EZsystems Remote code execution in file uploads
This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handle file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if...
GHSA-3VWR-JJ4F-H98X eZ Publish Remote code execution in file uploads
This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handle file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if...