PT-2024-24155 · Thinkcmf · Thinkcmf
Name of the Vulnerable Software and Affected Versions: ThinkCMF version 6.0.9 Description: The issue concerns a file upload vulnerability via the UeditorController.php. Recommendations: For ThinkCMF version 6.0.9, consider disabling the file upload functionality via UeditorController.php until a...
WordPress plugin Unlimited Elements For Elementor code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
Royal Elementor Addons and Templates < 1.3.95 - Unauthenticated Limited File Upload
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'filevalidity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous...
PT-2024-3040 · WordPress · Forminator
Name of the Vulnerable Software and Affected Versions: Forminator versions prior to 1.29.0 Description: The issue is related to an unrestricted upload of files with dangerous types in the Forminator plugin for WordPress. This could allow a remote attacker to upload arbitrary files to the server,...
FileBird < 5.6.4 - Author+ Users Folder Deletion
Description The plugin is vulnerable to Insecure Direct Object Reference via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author access or higher, to delete folders created by other users and make their file uploads...
BMC Software Compuware iStrobe Web security vulnerability
BMC Software Compuware iStrobe Web is a product from BMC Software designed for use on workstations in conjunction with the Strobe MVS Application Performance Measurement System. A security vulnerability exists in BMC Software Compuware iStrobe Web version 20.13 that stems from a remote shell uplo...
PT-2024-3356 · Netcat · Netcat
Name of the Vulnerable Software and Affected Versions: Netcat affected versions not specified Description: The issue is related to a lack of restrictions on file uploads in the Netcat CMS system. This can be exploited by a remote attacker to execute arbitrary code or cause a denial of service...
Local File Inclusion (LFI)
gradio is vulnerable to a Local File Inclusion. This vulnerability is due to improper validation of user-supplied input in the UploadButton component, specifically in the handling of file paths during file uploads to the /queue/join endpoint, which allows attackers to read arbitrary files on the...
Traccar code issue vulnerability
Traccar is a Java-based website builder that provides GPS tracking functionality from Traccar Inc. in the United States. The software supports more than 170 GPS protocols and more than 1500 models of GPS tracking devices. Traccar can be used with any major SQL database system. It also provides an...
PT-2024-18846 · WordPress · Envíalosimple
Name of the Vulnerable Software and Affected Versions: EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress versions up to, and including, 2.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the gallery add function. Thi...
CVE-2024-2296
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2024-19630 · 10Web · The Photo Gallery
Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions up to, and including, 1.8.21 Description: The issue is related to Stored Cross-Site Scripting via SVG file uploads due to insufficient input sanitization...
PT-2024-24087
Name of the Vulnerable Software and Affected Versions: PsiTransfer versions prior to 2.2.0 Description: The issue arises from the absence of restrictions on the "POST /files" endpoint, which allows users to create a path for uploading a file in a file distribution. This enables an attacker to add...
CVE-2024-3022
The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to...
CVE-2024-3022 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload
The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to...
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin < 1.0.88 - Authenticated (Admin+) Arbitrary File Upload
Description The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or...
CVE-2024-30500
Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework. This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.12...
Unspecified Vulnerability in Palo Alto Networks GlobalProtect (CNVD-2024-20756)
Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect that originates from the ability of an authenticated,...