124 matches found
EUVD-2023-1574
Malicious code in bioql PyPI...
CVE-2025-60454
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...
CVE-2025-60454
MetInfo CMS 8.0 is affected in the image management module. The XSS vulnerability arises from unvalidated SVG uploads in the file path app\system\img\admin\img_admin.class.php, enabling stored JavaScript execution when users view/access the uploaded SVG. Multiple connected sources corroborate thi...
Linux Distros Unpatched Vulnerability : CVE-2016-9187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Unrestricted file upload vulnerability in the double extension support in the image module in Moodle 3.1.2 allows remote authenticated users to execute arbitrar...
CVE-2024-26483
An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file...
CVE-2023-31544
A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module...
BIT-DRUPAL-2022-25275
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...
GHSA-FR72-9665-W3GR Duplicate Advisory: Unrestricted file upload of user avatar images
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xrvh-rvc4-5m43. This link is maintained to preserve external references. Original Description: An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute...
Duplicate Advisory: Unrestricted file upload of user avatar images
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xrvh-rvc4-5m43. This link is maintained to preserve external references. Original Description: An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute...
Design/Logic Flaw
An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file...
CVE-2024-26483
CVE-2024-26483 affects Kirby CMS v4.1.0: an unrestricted file upload in the Profile Image module allows arbitrary code execution via a crafted PDF. The issue is confirmed by multiple sources (Veracode/GitHub advisory) and is mitigated by upgrades to Kirby releases (e.g., 3.6.6.5, 3.7.5.4, 3.8.4.3...
PT-2024-21400 · Kirby Cms · Kirby Cms
Name of the Vulnerable Software and Affected Versions: Kirby CMS version 4.1.0. Description: The issue is related to an arbitrary file upload vulnerability in the Profile Image module, allowing attackers to execute arbitrary code via a crafted PDF file. This vulnerability affects all Kirby sites...
CVE-2023-45379
In the module "Rotator Img" posrotatorimg in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection...
CVE-2023-30200
In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” ultimateimagetool in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack...