3575 matches found
CVE-2021-41921
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution...
CVE-2021-41921
CVE-2021-41921 affects novel-plus v3.6.1, where unrestricted uploads (suffixes and contents) enable server attacks and arbitrary code execution. The connected PT-2022-11503 entry confirms the issue stems from allowing unrestricted file uploads and recommends strict file type validation, content c...
PT-2022-11503 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: novel-plus version 3.6.1 Description: The issue allows unrestricted file uploads, which can lead to server attacks and arbitrary code execution due to unrestricted file suffixes and contents. Recommendations: For novel-plus version 3.6.1,...
Unrestricted File Upload
NopCommerce.Core is vulnerable to unrestricted file upload. The vulnerability exists because the UploadAvatar function of CustomerController.cs does not properly check the file type before uploading the file, allowing an attacker to perform arbitrary file uploads...
CVE-2021-4225
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovere...
pikachu
It is an offensive tool for web application security training. The primary CVE ID is not explicitly stated, but the tool is designed to demonstrate various web application vulnerabilities, including but not limited to: Brute Force, XSS cross-site scripting, CSRF cross-site request...
Cross site scripting
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a result any user...
WordPress E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. The WordPress VikBooking Hotel Booking Engine & PMS plugin is vulnerable to arbitrary file uploads due to...
WSO2 API Manager path traversal vulnerability
WSO2 API Manager is an API lifecycle management solution from US-based WSO2. WSO2 API Manager suffers from a path traversal vulnerability that allows unlimited file uploads and remote code execution...
Simple House Rental System code issue vulnerability
House Rental System is a house rental management system that allows you to add, modify and delete property information, and to place bookings. A security vulnerability exists in Simple House Rental System v1.0, which stems from the lack of restrictions on the type of files that can be uploaded in...
Denial Of Service (DoS)
mediawiki is vulnerable to denial of service DoS attacks. NewFiles on a wiki with many file uploads with actor as a condition leads to denial of service conditions...
CVE-2022-26619
Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function...
Halo code issue vulnerability
Halo is a personal blog system for individual developers. A security vulnerability exists in Halo Blog CMS version 1.4.17, which can be exploited by attackers to upload arbitrary files via the attachment upload feature...
Remote code execution
DISPUTED The web management console of CheckMK Enterprise Edition versions 1.5.0 to 2.0.0p9 does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, eithe...
WordPress Ninja Forms-File Uploads Extension Plugin Arbitrary File Uploads Vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin...
WordPress Ninja Forms-File Uploads Extension Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin...
CVE-2022-0888
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious file...
CVE-2022-0889
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...