8 matches found
EUVD-2018-21617
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files...
CVE-2018-25162
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files...
CVE-2018-25162 2-Plan Team 1.0.4 Arbitrary File Upload via managefile.php
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files...
CVE-2018-25162 2-Plan Team 1.0.4 Arbitrary File Upload via managefile.php
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files...
2-Plan Team 代码问题漏洞
2-Plan Team is a project planning software developed by the German company 2-Plan. Version 1.0.4 of 2-Plan Team contains a code vulnerability. This vulnerability stems from the userfile1 parameter in the managefile.php file, which allows arbitrary file uploads. This could lead to the execution of...
PT-2026-23674
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files...
CVE-2020-13655
An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected...
Design/Logic Flaw
An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected...