22 matches found
GHSA-R747-33R4-RMJW Duplicate Advisory: OpenClaw: QQBot direct media upload skipped URL SSRF validation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c4qg-j8jg-42q5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skip...
EUVD-2026-28199
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests...
CVE-2026-41938
Vvveb
EUVD-2026-23948
Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious file...
WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload vulnerability
WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin = 3.6.3 - Missing Authorization to Authenticated Contributor+ Media Upload vulnerability discovered by lucsob in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.3...
EUVD-2026-11609
Tina: Path Traversal in Media Upload Handle...
CVE-2025-11363
The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpraddonsuploadfile action...
CVE-2024-58282
Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the media upload functionality. An attacker can execute arbitrary code on the server by uploading a specially crafted PHP file after authenticating. Remediation Upgrade dotclear/dotclear to version 2.31 or...
PT-2025-48254
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays chatgpt save wp media' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to...
EUVD-2024-27784
Malicious code in bioql PyPI...
EUVD-2025-16744
Malicious code in bioql PyPI...
CVE-2025-4224
The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-41318
matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with Content-Disposition: inline upon download. This vulnerability could b...
CVE-2021-25971
In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file...
CVE-2021-25972
In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read...
Strapi Security Vulnerabilities
Strapi is an open source content management system CMS. A security vulnerability exists in Strapi versions prior to 4.22.0 that stems from a denial-of-service vulnerability in the media upload process that causes the server to crash...
CVE-2022-23080
In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery SSRF in the media upload functionality which allows a low privileged user to perform internal network port scans...
CVE-2021-42675
Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution...
Cross site request forgery (csrf)
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswsssaveattachmentdata AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media...