django: Denial-of-service possibility in file uploads
A flaw was found in Django. The issue occurs when passing certain inputs to multipart forms, resulting in an infinite loop when parsing files...
Event Registration System code issue vulnerability
Event Registration System is an event registration system with QR codes by Carlo Montero Personal Developer. A security vulnerability exists in the Event Registration System version 1.0, which stems from an incorrect manipulation of the parameter cmd leading to unrestricted file uploads...
CVE-2021-43258
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access to the ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores...
PT-2022-20160 · Tinymce +1 · Tinymce +1
Name of the Vulnerable Software and Affected Versions: asith-eranga ISIC tour booking versions through the version published on Feb 13th 2018 Description: The issue allows attackers to upload arbitrary files via "/system/application/libs/js/tinymce/plugins/filemanager/dialog.php" and...
CVE-2022-40981
All versions of ETIC Telecom Remote Access Server RAS 4.5.0 and prior are vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full...
CVE-2022-3418
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files...
Cross-site request forgery (CSRF)
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated user, such as a subscriber, to upload arbitrary files, such as PHP...
WordPress plugin Import any XML or CSV File to WordPress code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in th...
PT-2022-22760 · WordPress · Role Based Pricing For Woocommerce
Name of the Vulnerable Software and Affected Versions: Role Based Pricing for WooCommerce WordPress plugin versions prior to 1.6.3 Description: The issue concerns a lack of authorization and proper CSRF checks, as well as inadequate validation of paths provided via user input. This allows...
WordPress plugin Role Based Pricing for WooCommerce code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A code issue vulnerability exists in the...
PT-2022-22047 · WordPress · Import Any Xml/Csv File To Wordpress
Name of the Vulnerable Software and Affected Versions: Import any XML or CSV File to WordPress plugin versions prior to 3.6.9 Description: The issue arises from the plugin not properly filtering allowed file extensions for import on the server. This could allow administrators in multi-site...
PT-2022-26541 · Candidats · Candidats
Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0 Description: The issue allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user. Recommendations: For...
CVE-2022-39019
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server...
CVE-2021-38397
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition...
Canteen Management System code issue vulnerability
Canteen Management System is a cafeteria management system by the individual developer Mayuri K. Canteen Management System version 1.0 has a code issue vulnerability that originates from /youthappam/phpaction/editProductImage.php, which is vulnerable to arbitrary file uploads...
PT-2022-21875 · Eaton · Eaton Foreseer Epms
Name of the Vulnerable Software and Affected Versions: Eaton Foreseer EPMS versions 4.x through 7.5 Description: A security issue was discovered in the Eaton Foreseer EPMS software, which connects devices to reduce energy consumption and prevent unplanned downtime. The problem allows a threat act...
Simple Exam Reviewer Management System code issue vulnerability
Simple Exam Reviewer Management System is an exam reviewer management system by Carlo Montero (personal developer). A security vulnerability exists in Simple Exam Reviewer Management System that originates from unsecured file uploads...
Gin-Vue-Admin code issue vulnerability
Gin-Vue-Admin is a full-stack pre-development infrastructure platform based on Vue and Gin. A code issue vulnerability exists in Gin-Vue-Admin versions v2.5.1 through v2.5.3b, which stems from not restricting file upload functionality. An attacker exploiting this vulnerability could...
CVE-2022-42029
Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory...