3575 matches found
WordPress Plugin Big File Uploads Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Big File Uploads - Increas...
Headwind MDM Cross-Site Scripting Vulnerability
Headwind MDM is a platform for managing Android devices in an organization. A cross-site scripting vulnerability exists in Headwind MDM Web panel version 5.22.1, which stems from unrestricted file uploads...
Multiple vulnerabilities in EXPRESSCLUSTER X
Overview WebManager/Cluster WebUI of EXPRESSCLUSTER X provided by NEC Corporation contains multiple vulnerabilities listed below. Missing authorization CWE-862 - CVE-2023-39544 Files or directories accessible to external parties CWE-552 - CVE-2023-39545 Use of password hash instead of password fo...
CVE-2023-6187
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber...
PT-2023-32556 · WordPress · Paid Memberships Pro
Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro plugin for WordPress versions up to, and including, 2.12.3 Description: The issue arises from insufficient file type validation in the pmpro_paypalexpress_session_vars_for_user_fields function. This allows authenticated...
CVE-2023-6015
MLflow allowed arbitrary files to be PUT onto the server...
tomcat: FileUpload: DoS due to accumulation of temporary files on Windows
A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be delete...
CVE-2023-6133
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. This makes it possible for authenticated attackers with administrator-level capabilities or above to...
Design/Logic Flaw
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. This makes it possible for authenticated attackers with administrator-level capabilities or above to...
CVE-2023-6133 Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. This makes it possible for authenticated attackers with administrator-level capabilities or above to...
Vulnerability in the GLPI request, incident, and computer equipment inventory management system related to the unrestricted upload of files of a dangerous type, allowing an attacker to upload any files into the system
The vulnerability in the GLPI system for request, incident, and inventory management is related to the unrestricted upload of dangerous files. Exploiting this vulnerability allows a malicious actor to upload any files into the system...
GHSA-RW82-MHMX-GRMJ Guest Entries Remote code execution via file uploads
Impact: When using the file uploads feature, it was possible to upload PHP files. Patches: The vulnerability is fixed in v3.1.2...
Guest Entries Remote code execution via file uploads
Impact: When using the file uploads feature, it was possible to upload PHP files. Patches: The vulnerability is fixed in v3.1.2...
WordPress Big File Uploads Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Big File Uploads; Type: Plugin; Vulnerable versions: <= 2.1.1; Fixed in: 2.1.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-47792; Patch priority: Low; CVSS severity: Low (4.3); PSID: 3f74fe7bd86f; Credits: Abdi Pranata...
CVE-2023-47621
Guest Entries is a PHP library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fix...
Design/Logic Flaw
Guest Entries is a PHP library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fix...
CVE-2023-47621 Remote code execution via file uploads in guest-entries
Guest Entries is a PHP library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fix...
Maiwei Safety Production Control Platform Security Breach
Maiwei Safety Production Control Platform is a safety production control platform from Maiwei. A security vulnerability exists in Maiwei Safety Production Control Platform version 4.1, which stems from a failure to limit the number of file uploads...
PT-2023-30518 · Unknown · Guest Entries
Name of the Vulnerable Software and Affected Versions: Guest Entries versions prior to 3.1.2 Description: The file uploads feature in Guest Entries did not prevent the upload of PHP files, which may lead to code execution on the server by authenticated users. Recommendations: For versions prior t...