3575 matches found

BDU FSTEC
added 2023/12/21 12:0 a.m. · 3 views

The vulnerability in OMICARD’s marketing mailing system is an improper limitation of a pathname to a restricted directory. This allows attackers to bypass the authentication process and upload arbitrary files.

The vulnerability in OMICARD’s marketing email system stems from improper limitation of a pathname to a restricted directory when the FileName parameter is processed. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and upload arbitrary...

7.8 CVSS · 7.3 AI score · 0.01314 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2023/12/20 12:0 a.m. · 3 views

PT-2023-19325 · Woorockets · Woorockets Corsa

Name of the Vulnerable Software and Affected Versions: WooRockets Corsa versions 1.5 and earlier

Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability. This allows for the upload of files with potentially dangerous types, which could lead to securit...

9.9 CVSS · 8.5 AI score · 0.00785 EPSS
Exploits 0 · References 4
OSV
added 2023/12/19 4:15 p.m. · 3 views

CVE-2023-46263

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution...

9.8 CVSS · 6.1 AI score · 0.81884 EPSS
Exploits 0 · References 1
CNNVD
added 2023/12/19 12:0 a.m. · 2 views

Wavelink Avalanche Security Vulnerability

Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.1 and earlier versions, which stems from not limiting the number of uploads of dangerous types of files. An attacker can exploit the...

9.8 CVSS · 6.9 AI score · 0.81884 EPSS
Exploits 0 · References 2
CNNVD
added 2023/12/18 12:0 a.m. · 3 views

WordPress Plugin Vrm 360 3D Model Viewer Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8 CVSS · 6.8 AI score · 0.00985 EPSS
Exploits 2 · References 2
NVD
added 2023/12/15 10:15 a.m. · 11 views

CVE-2023-48394

Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service...

8.8 CVSS · 0.00886 EPSS
Exploits 0 · References 1
NVD
added 2023/12/15 8:15 a.m. · 17 views

CVE-2023-6826

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importaction' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access...

7.2 CVSS · 0.01274 EPSS
Exploits 0 · References 4
Prion
added 2023/12/15 8:15 a.m. · 24 views

Input validation

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importaction' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access...

5.8 CVSS · 7.8 AI score · 0.01274 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2023/12/15 7:30 a.m. · 24 views

CVE-2023-6827 Essential Real Estate <= 4.3.5 - Authenticated (Subscriber+) Arbitrary File Upload

The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above...

7.5 CVSS · 9 AI score · 0.01265 EPSS
Exploits 0 · References 3
CVE
added 2023/12/15 7:30 a.m. · 52 views

CVE-2023-6827

The CVE concerns the WordPress plugin Essential Real Estate (

8.8 CVSS · 7.8 AI score · 0.01265 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2023/12/15 7:30 a.m. · 24 views

CVE-2023-6826 E2Pdf <= 1.20.25 - Authenticated (Administrator+) Arbitrary File Upload

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importaction' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access...

7.2 CVSS · 7.5 AI score · 0.01274 EPSS
Exploits 0 · References 4
Vulnrichment
added 2023/12/15 7:30 a.m. · 16 views

CVE-2023-6826 E2Pdf <= 1.20.25 - Authenticated (Administrator+) Arbitrary File Upload

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importaction' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access...

7.2 CVSS · 7.8 AI score · 0.01274 EPSS
Exploits 0 · References 4
CNNVD
added 2023/12/15 12:0 a.m. · 2 views

WordPress Plugin Essential Real Estate Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

8.8 CVSS · 8.8 AI score · 0.01265 EPSS
Exploits 0 · References 4
Veracode
added 2023/12/13 6:36 a.m. · 15 views

Stored Cross Site Scripting

Umbraco is vulnerable to Stored Cross Site Scripting. The vulnerability is due to improper validation of SVG file uploads. This issue can be exploited by an attacker by uploading a malicious SVG file containing JavaScript...

5.4 CVSS · 6.5 AI score · 0.00387 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/12/09 6:52 a.m. · 24 views

CVE-2023-6120 Welcart e-Commerce <= 2.9.6 - Authenticated (Administrator+) Directory Traversal

The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the uploadcertificatefile function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server...

4.1 CVSS · 4.8 AI score · 0.00458 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/12/05 12:0 a.m. · 5 views

PT-2023-22026 · Filerun · Filerun

Name of the Vulnerable Software and Affected Versions: Filerun versions through Update 20220202

Description: A Broken Access Control issue in comments to uploaded files allows attackers to delete comments on files uploaded by other users.

Recommendations: For versions through Update 20220202,...

4.3 CVSS · 4.6 AI score · 0.00483 EPSS
Exploits 1 · References 7
CNNVD
added 2023/12/04 12:0 a.m. · 3 views

ThinkAdmin Security Vulnerability

ThinkAdmin is a general purpose backend management system based on the ThinkPHP framework. A security vulnerability exists in ThinkAdmin version v6.1.53, which originates from allowing arbitrary file uploads. An attacker can exploit the vulnerability to execute arbitrary code via a specially...

8.8 CVSS · 7.6 AI score · 0.01091 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/12/04 12:0 a.m. · 4 views

PT-2023-32441 · WordPress · Welcart E-Commerce

Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce WordPress plugin versions prior to 2.9.5

Description: The issue arises from the lack of file validation for uploads and the absence of authorization and CSRF protection in an AJAX action handling file uploads. This allows a...

8.8 CVSS · 8.6 AI score · 0.00479 EPSS
Exploits 2 · References 6
OSV
added 2023/12/01 2:15 p.m. · 3 views

CVE-2023-5636

Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1...

9.8 CVSS · 5.8 AI score · 0.01681 EPSS
Exploits 0 · References 1
OSV
added 2023/12/01 11:15 a.m. · 12 views

CVE-2023-6449

The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7antiscriptfilename' function in versions up to, and including, 5.8.3. This makes it possible for...

7.2 CVSS · 7.6 AI score
Exploits 0 · References 5