MAL-2025-4820 Malicious code in commons-fileupload (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 176e367d438eb3f5463d593e36cde70f38d1f86a0af240ea8669e0c8a25ed516 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

VulnCheck KEV: CVE-2024-3804

A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. The manipulation of the argument file leads to unrestricted upload. The attack may...

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

CVE-2022-27140

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...

kkFileView 代码问题漏洞

kkFileView is Kaijing Technology kekingcn open source Spring-Boot based on a generic file online preview project . kkFileView 4.4.0 version of the code problem vulnerability , the vulnerability stems from the file/fileUpload in the parameter File of the wrong operation leads to arbitrary file...

Security Bulletin: IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts t...

CVE-2025-3149

A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shwwar/fileupload of the component Edit Job Page. The manipulation of the argument Course leads to cross site scripting. It is...

PT-2025-14604 · Unknown · Itning Student Homework Management System

Name of the Vulnerable Software and Affected Versions: itning Student Homework Management System versions 1.2.7 and earlier Description: A problem was found in the itning Student Homework Management System. It affects an unknown function of the file /shw war/fileupload in the Edit Job Page...

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not lim...

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Fileupload and Apache Tomcat

Summary Vulnerabilities have been identified in Apache Commons Fileupload and Apache Tomcat which are used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2016-3092 DESCRIPTIO...

Linux Distros Unpatched Vulnerability : CVE-2023-24998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS wit...

Linux Distros Unpatched Vulnerability : CVE-2013-0248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allo...

PT-2025-25565

Name of the Vulnerable Software and Affected Versions Apache Commons FileUpload versions 1.0 through 1.5 Apache Commons FileUpload versions 2.0.0-M1 through 2.0.0-M3 Description The issue is related to the allocation of resources for multipart headers with insufficient limits, which enables a...

CVE-2024-51053

CVE-2024-51053 affects AVSCMS v8.2.0, with vulnerability in the /main/fileupload.php component allowing arbitrary code execution via a crafted uploaded file. Documented impact is high/critical (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; base score 9.8). Affected software/product is AVSCMS; ex...

AVSCMS 安全漏洞

AVSCMS is a content management system of AVSCMS open source. A security vulnerability exists in AVSCMS version v8.2.0, which originates from an arbitrary file upload vulnerability in component /main/fileupload.php, which allows an attacker to execute arbitrary code by uploading a carefully crafte...

PT-2024-34503 · Avscms · Avscms

Name of the Vulnerable Software and Affected Versions: AVSCMS version 8.2.0 Description: The issue is related to an arbitrary file upload vulnerability in the /main/fileupload.php component. This allows attackers to execute arbitrary code by uploading a crafted file. Recommendations: For AVSCMS...

CVE-2024-48202

IceCMS

Security Bulletin: IBM Master Data Management vulnerable to denial of service from Apache Commons FileUpload (CVE-2023-24998)

Summary IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to a denial of service caused by not limiting the number of requests processed in the file upload function in Apache Commons FileUpload. Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by...

CVE-2024-9903 07FLYCMS/07FLY-CMS/07FlyCRM fileUpload unrestricted upload

A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The...

CVE-2024-9903 07FLYCMS/07FLY-CMS/07FlyCRM fileUpload unrestricted upload

A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The...