CVE-2009-20011
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as t...
ContentKeeper Web Appliance Security Vulnerability
ContentKeeper Web Appliance is a web content filtering and security gateway appliance from ContentKeeper Australia. A security vulnerability exists in the ContentKeeper Web Appliance versions prior to 125.10 that stems from the mimencode CGI tool mishandling file uploads, which could lead to remo...
Linux Distros Unpatched Vulnerability : CVE-2021-28658
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file...
CVE-2025-58159
CVE-2025-58159 affects WeGIA Web manager for charitable institutions. Before version 3.4.11, uploaded files could be written to disk with arbitrary filenames, including PHP, due to improper validation and insufficient extension handling; a spreadsheet file followed by PHP code could be uploaded a...
PT-2025-35202
Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce versions up to and including 7.2.4 Description: The Booster for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to the absence of file type validation within the add files to order functio...
CVE-2025-58048 Paymenter Vulnerable to Remote Code Execution via Public File Uploads
Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction from the database, credentials being read...
CVE-2024-9648
The WP ULike Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the WPUlikeProFileUploader class in all versions up to, and including, 1.9.3. This makes it possible for unauthenticated attackers to upload limited arbitrary files like .php2...
CVE-2024-9648
CVE-2024-9648: WP ULike Pro for WordPress is vulnerable to unauthenticated arbitrary file uploads due to insufficient file-type validation in the WP_Ulike_Pro_File_Uploader class. Affected versions are up to and including 1.9.3; the patch is reportedly 1.9.4. Technical detail: the vulnerability a...
WordPress plugin WP ULike Pro Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin for that platform. A code issue...
PT-2025-34960
Name of the Vulnerable Software and Affected Versions: WP ULike Pro versions prior to 1.9.4 Description: The WP ULike Pro plugin for WordPress is susceptible to arbitrary file uploads due to inadequate file type validation within the WP Ulike Pro File Uploader class. This allows unauthenticated...
Paymenter Code Issue Vulnerability
Paymenter is an online store hosting software from Paymenter open source. A code issue vulnerability exists in Paymenter versions prior to 1.2.11, which stems from the ticket attachment feature that allows the upload of arbitrary files, which could lead to sensitive data disclosure or system...
PT-2025-34945
Name of the Vulnerable Software and Affected Versions: Dongsheng Logistics Software affected versions not specified Description: Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that does not enforce proper file type validation and access control. ...
Linux Distros Unpatched Vulnerability : CVE-2021-32708
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain specif...
Badaso Security Vulnerability
Badaso is an open source Laravel Vue headless CMS from Uasoft Open Source. A security vulnerability exists in Badaso version 2.9.11, which stems from Media Manager allowing the upload of files containing PHP code, which could lead to arbitrary code execution...
CVE-2025-52130
File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution RC...
Securden Unified PAM Security Vulnerability
Securden Unified PAM is a privileged access management software from Securden, Inc. A security vulnerability exists in Securden Unified PAM that stems from an unauthenticated file upload feature that could lead to malicious file uploads...
Linux Distros Unpatched Vulnerability : CVE-2017-9061
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.5, a cross-site scripting XSS vulnerability exists when attempting to upload very large files, because the error message does not proper...
Linux Distros Unpatched Vulnerability : CVE-2016-6127
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments...