2674 matches found
CVE-2025-5380
A vulnerability, which was classified as critical, has been found in ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. This issue affects some unknown processing of the file /upload/ of the component Image File Upload. The manipulation of the argument File lead...
CVE-2025-5380 ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 Image File Upload upload path traversal
CVE-2025-5380
CVE-2025-5380 describes a path traversal in the Image File Upload component of the ashinigit XueShengZhuSu system, affecting versions up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. The vulnerability arises from manipulating the File argument in the /upload/ path, with remote execution possible a...
CVE-2025-36572
Dell PowerStore, versions 4.0.0.0, contains a Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based o...
CVE-2025-5178
A vulnerability classified as critical has been found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected is an unknown function of the file /adm/ajax.php of the component Image File Handler. The manipulation of the argument files leads to unrestricted upload. It is possible to launc...
PT-2025-22920 · Realce Tecnologia · Realce Tecnologia Queue Ticket Kiosk
Name of the Vulnerable Software and Affected Versions: Realce Tecnologia Queue Ticket Kiosk up to 20250517
Description: A critical vulnerability has been found in the Image File Handler component of the affected software, specifically in an unknown function of the file /adm/ajax.php. The...
CVE-2024-22526
Buffer Overflow vulnerability in bandisoft bandiview v7.0 allows local attackers to cause a denial of service (DoS) via exr image file...
CVE-2024-36598
An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file...
CVE-2024-3112
The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate uploaded image files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)...
CVE-2023-24734
An arbitrary file upload vulnerability in the cameraupload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file...
CVE-2025-5100
A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution...
CVE-2023-43252
XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file...
CVE-2022-30887
Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /phpaction/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file...
CVE-2022-46360
Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file...
CVE-2022-25574
A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file...
CVE-2022-40842
ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to server-side request forgery (SSRF) via rotateimg.php...
CVE-2022-40341
mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file...
CVE-2022-30538
Out-of-bounds write vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file...