3575 matches found
CVE-2022-0889
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...
CVE-2022-0889
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...
Input validation
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious file...
Cross site scripting
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...
CVE-2022-0888 Ninja Forms - File Uploads Extension <= 3.3.0 - Arbitrary File Upload
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious file...
EUVD-2022-15924
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious file...
CVE-2022-0888
The CVE-2022-0888 entry concerns the WordPress Ninja Forms - File Uploads Extension plugin. Affected component: uploads handling (uploads.php) in the plugin’s codebase. Root cause: insufficient input file type validation allows bypass, enabling unauthenticated attackers to upload arbitrary files....
CVE-2022-0889
CVE-2022-0889 concerns the WordPress plugin Ninja Forms – File Uploads Extension. Affected: Ninja Forms File Uploads Extension for WordPress; vulnerable file: ~/includes/ajax/controllers/uploads.php; root cause: missing sanitization of the filename parameter allows reflected Cross-Site Scripting....
CVE-2022-0889 Ninja Forms - File Uploads Extension <= 3.3.12 - Reflected Cross-Site Scripting
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...
WordPress plugin Ninja Forms - File Uploads Extension 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin...
Taocms 代码问题漏洞
taoCMS is a file management system. taoCMS is vulnerable to file uploads, which can be exploited by attackers to execute arbitrary code via carefully crafted PHP files...
PT-2022-4185 · Unknown +1 · Passwork On-Premise Edition +1
Name of the Vulnerable Software and Affected Versions: Passwork On-Premise Edition versions prior to 4.6.13 Description: The issue is related to incorrect restriction of the path name to a directory with limited access. This allows a remote attacker to upload arbitrary files to the system. The...
PT-2022-13504 · WordPress · Ninja Forms - File Uploads Extension
Name of the Vulnerable Software and Affected Versions: Ninja Forms - File Uploads Extension WordPress plugin versions up to and including 3.3.12 Description: The issue is related to reflected cross-site scripting due to missing sanitization of the filename parameter found in the...
PT-2022-13503 · WordPress · Ninja Forms - File Uploads Extension
Name of the Vulnerable Software and Affected Versions: Ninja Forms - File Uploads Extension WordPress plugin versions up to and including 3.3.0 Description: The issue is related to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file, which can be...
WordPress plugin Ninja Forms - File Uploads Extension 代码问题漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin...
CVE-2021-45040
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route...
GHSA-CR8C-972V-RMP3 pgAdmin 4 Path Traversal vulnerability
When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques...
pgAdmin 4 Path Traversal vulnerability
When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques...
showdoc .properties file upload vulnerability (CNVD-2022-20508)
showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .properties file extensions in the application's file upload feature. An attacker could use this vulnerabilit...
GHSA-9FCC-7G44-MXRJ Cross-site Scripting in ShowDoc
ShowDoc prior to 2.10.4 is vulnerable to stored cross-site scripting via uploading files with files in .xsd, .asa, and .aspx formats...