3575 matches found
SonicWALL Analytics and GMS code problem vulnerability
SonicWALL Analytics and SonicWALL GMS are both products of SonicWALL, Inc. of the U.S. SonicWALL Analytics is a high-performance management and reporting engine for the Web. SonicWALL GMS is a global management system. A powerful and intuitive solution for organizations, distributed enterprises an...
SEMCMS code problem vulnerability
SEMCMS is a foreign trade web content management system (CMS) that supports multiple languages. A code issue vulnerability exists in SEMCMS PHP version 3.7, which can be exploited by remote attackers to upload arbitrary files and gain escalated privileges...
CVE-2023-37152
Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability...
Code injection
Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page...
CVE-2023-37206
Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox 115...
PT-2023-8825 · Kiwi Tcms · Kiwi Tcms
Name of the Vulnerable Software and Affected Versions: Kiwi TCMS versions prior to 12.5. Description: The issue is related to the upload of attachments to test plans and test cases in Kiwi TCMS. Earlier versions of Kiwi TCMS had changes to serve all uploaded files as plain text to prevent browsers...
CVE-2023-3503
A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been...
SourceCodester Shopping Website code problem vulnerability
SourceCodester Shopping Website is a shopping website type CMS. A code issue vulnerability exists in SourceCodester Shopping Website version 1.0, which stems from a problem with the file insert-product.php that can lead to unrestricted file uploads...
PT-2023-24991 · Unknown · Guantang Equipment Management System
Name of the Vulnerable Software and Affected Versions: Guantang Equipment Management System version 4.12. Description: The Guantang Equipment Management System is affected by an issue that allows Arbitrary File Upload. This could potentially lead to unauthorized access or malicious activities...
CVE-2023-3295
The Unlimited Elements For Elementor Free Widgets, Addons, Templates for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1.5.66. This makes it possible for authenticated attackers,...
CVE-2023-3295 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload
The Unlimited Elements For Elementor Free Widgets, Addons, Templates for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1.5.66. This makes it possible for authenticated attackers,...
PT-2023-24098 · Elementor · Unlimited Elements For Elementor
Name of the Vulnerable Software and Affected Versions: The Unlimited Elements For Elementor versions up to, and including, 1.5.66. Description: The issue is related to arbitrary file uploads due to missing file type validation in the file manager functionality. This allows authenticated attackers...
L7 Networks InstantScan and InstantQoS code problem vulnerability
L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000 is a security software from L7 Networks, a Chinese company. A code issue vulnerability exists in L7 Networks InstantScan and InstantQoS that stems from the file upload feature not restricting the upload of dangerous types of files...
CKEditor code problem vulnerability
CKEditor is an open source, web-based text editor. A security vulnerability exists in CKEditor v1.2.3, which stems from the Browse and upload images feature that allows arbitrary files to be uploaded to the server...
CVE-2023-2414
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasavesettingscallback function in versions up to, and including, 4.4.6. This makes it possible for authenticated...
Design/Logic Flaw
alist =3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file...
CVE-2020-36705
The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ninguploadimage function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...
Design/Logic Flaw
The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ninguploadimage function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...
EUVD-2020-24147
The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ninguploadimage function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...
CVE-2020-36705 Adning Advertising <= 1.5.5 - Arbitrary File Upload
The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ninguploadimage function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...