3576 matches found
CVE-2025-69210
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These...
EUVD-2025-205844
FacturaScripts is Vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload...
FacturaScripts cross-site scripting vulnerability
FacturaScripts is an open source ERP software from Carlos Garcia, an individual developer in Spain. A cross-site scripting vulnerability exists in FacturaScripts versions prior to 2025.7, which stems from insufficient product file upload feature cleanup and content type coercion, and could lead t...
CVE-2025-15226 Sunnet|WMPro - Arbitrary File Upload
WMPro developed by Sunnet has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-52691
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution...
CVE-2025-15067 Unrestricted File Upload and RCE in Innorix WP
Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server. This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is installed ex: innorix/exam...
PT-2025-53797
Name of the Vulnerable Software and Affected Versions: MapSVG versions through 8.7.3. Description: The software contains a flaw that permits unrestricted file uploads of dangerous types. This allows for the upload of a web shell to a web server. The issue grants attackers webshell capabilities with...
PT-2025-53686
Name of the Vulnerable Software and Affected Versions: SmarterTools SmarterMail versions prior to Build 9413. Description: A critical vulnerability exists in SmarterTools SmarterMail that allows unauthenticated attackers to upload arbitrary files to any location on the mail server, potentially...
Improper Protection of Alternate Path
Overview: Affected versions of this package are vulnerable to Improper Protection of Alternate Path due to insufficient validation in attachment editing APIs. An attacker can upload files with restricted extensions by modifying the attachment name, leading to unauthorized file uploads and further...
Echo Specto CM code issue vulnerability
Echo Specto CM is a call center management system from Echo Turkey. A code issue vulnerability exists in versions prior to Echo Specto CM 17032025, which stems from an unrestricted upload of hazardous types of files, which could lead to remote code inclusion...
Riello UPS NetMan 208 security vulnerability
Riello UPS NetMan 208 is a network management card from Riello UPS, Italy. A security vulnerability exists in Riello UPS NetMan 208 versions prior to 1.12, which stems from the presence of directory traversal in cgi-bin/certsupload.cgi, which could lead to file uploads and code execution...
PT-2025-53295
Name of the Vulnerable Software and Affected Versions: Specto CM versions prior to 17032025. Description: Specto CM is susceptible to a flaw involving unrestricted file uploads, potentially leading to Remote Code Inclusion. The issue stems from the ability to upload files without proper restrictions...
CVE-2021-47736
CMSimpleXH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitra...
CVE-2021-47734
CVE-2021-47734 affects CMSimple 5.4 and is described as an authenticated local file inclusion vulnerability that can lead to remote code execution by manipulating PHP session files. The root cause cited in connected sources is improper handling of template/function include paths, enabling an atta...
Arbitrary File Upload
Overview: cadmium-org/cadmium-cms is a content management system for PHP7. Affected versions of this package are vulnerable to Arbitrary File Upload via the admin/content/filemanager/uploads endpoint. An attacker can execute arbitrary code or upload malicious files by submitting crafted files to th...
CVE-2025-51511
Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads...
CVE-2025-14800
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'movefiletoupload' function in all versions up to, and including, 3.2.7. This makes it possible for unauthenticated attackers to copy arbitrary files on the...
EUVD-2025-204668
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'movefiletoupload' function in all versions up to, and including, 3.2.7. This makes it possible for unauthenticated attackers to copy arbitrary files on the...
PT-2025-52586
Name of the Vulnerable Software and Affected Versions: Contact Form 7 Redirection plugin for WordPress versions up to and including 3.2.7. Description: The plugin is susceptible to arbitrary file uploads because of a lack of file type validation within the move file to upload function. This allows...
WordPress plugin Redirection for Contact Form 7 code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...