970 matches found
WordPress plugin School Management System code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in WordPress plugin...
PT-2024-39955 · WordPress · Wpgym
Name of the Vulnerable Software and Affected Versions: WPGYM - Wordpress Gym Management System plugin for WordPress versions up to, and including, 67.1.0 Description: The issue is related to arbitrary file uploads due to missing file type validation in the MJ gmgt user avatar image upload functio...
CVE-2024-9422
The GEO my WP WordPress plugin (prior to v4.5) and its companion gmw-premium-settings (prior to v3.1) suffer from insufficient validation of uploaded files, allowing attackers to upload arbitrary files (e.g., PHP) to the server and potentially enable remote attacks. Remediation: update to GEO my ...
CVE-2024-8856
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticat...
CVE-2024-10820
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...
CVE-2024-8615
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearchlocationloadexcelfilecallback function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2024-48646
An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may be executed on the...
CVE-2024-7985
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizerajaxhandler" function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with...
CVE-2024-20485
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this...
GHSA-5955-CWV4-H7QH Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
Impact: There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode. Workarounds: Server-side file validation is available to strip script tags from file's content during the file upload process...
CVE-2024-48927
Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full...
CVE-2024-48927 Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full...
CVE-2024-48927
CVE-2024-48927 affects Umbraco CMS (a .NET-based open source CMS). A remote code execution risk exists for Backoffice users when they preview SVG files in full-screen mode. Affected versions: 13.x before 13.5.2; 10.x before 10.8.7; 8.x before 8.18.15. Patches are available in 13.5.2, 10.8.7 (and ...
CVE-2024-35315
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker...
CVE-2024-10201
Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells...
Mitel MiCollab and Mitel MiVoice code injection vulnerability
Mitel MiCollab and Mitel MiVoice are both products of Mitel Canada, a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees. Mitel MiVoice is an IP-capable telephone. A security vulnerability exists in Mitel MiCollab version 9.7.1.110 an...