970 matches found
CVE-2022-1409
CVE-2022-1409 affects the WordPress VikBooking Hotel Booking Engine & PMS plugin prior to 1.5.8. The vulnerability arises from improper image validation in uploads, allowing high-privilege users (e.g., administrators) to upload PHP files disguised as images containing executable PHP code. This ca...
WordPress All-in-One WP Migration Plugin <= 7.58 Arbitrary File Deletion Vulnerability
CVE-2022-1476
The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the /lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users w...
Arbitrary file deletion
The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the /lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users w...
Arbitrary File Upload
WSO2 Carbon Services is vulnerable to arbitrary file upload. The vulnerability exists because the file upload permissions and validations are not properly handled which allows an attacker to upload arbitrary files...
CVE-2022-1273
The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to RCE...
WordPress plugin Web To Print Shop : uDraw arbitrary file reading vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; a WordPress plugin is an application plugin for it. An arbitrary file reading vulnerability exists in versions of the WordPress plugin Web To Print Shop: uDraw prior...
CVE-2021-39040
IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload because it does not validate file types or sizes. Attackers can make use of this weakness to upload malicious executable files into the system, which can then be sent to a victim to perform further attacks. IBM X-Force ID:...
WordPress One Click Demo Import plugin file upload vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP; a WordPress plugin is an open-source application plugin for it. The WordPress One Click Demo Import plugin has a file upload vulnerability, which originates from the plugin not validating the importe...
Unauthenticated Path Traversal via /api/upload
While reviewing FUXA, researchers found it is possible to upload arbitrary files into arbitrary locations via the "/api/upload" endpoint. Even when authentication is enabled, it was found that this endpoint does not validate a user's session. In addition, the function behind this endpoint...
CVE-2021-35110
Possible buffer overflow due to improper validation of the hash segment of a file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile...
Remote code execution
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request...
CVE-2021-43484
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request...
uDraw < 3.3.3 - Unauthenticated Arbitrary File Access
The plugin does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action, available to both unauthenticated and authenticated users, before using it in the file_get_contents function and returning its content base64-encoded in the response. As a result, unauthenticated users could re...
CVE-2022-0888
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious file...
CVE-2021-24216
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations...
Design/Logic Flaw
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations...
Unrestricted Upload of File with Dangerous Type in Drupal core
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the si...
GHSA-V8WR-R69P-MMWX Unrestricted Upload of File with Dangerous Type in Drupal core
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the si...
CVE-2020-13675
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the si...