79 matches found

CVE
added 3 hours ago, 8 views

CVE-2026-11344

CVE-2026-11344 affects the code-projects Vehicle Management System 1.0, specifically the New Driver Registration Form’s file handling in newdriver.php. The vulnerability arises from manipulating the argument photo, leading to an unrestricted upload condition. The flaw is exploitable remotely and ...

CVSS 7.5, AI score 6.8
Exploits: 0, References: 6
ATTACKERKB
added 3 hours ago, 3 views

CVE-2026-11344

A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely...

CVSS 7.5, AI score 6.8
Exploits: 0, References: 6, Affected Software: 1
Snyk
added 2026/03/24 12:48 p.m., 3 views

Malicious Package

Overview: yelp-react-component-photo-upload is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/03/24 12:48 p.m., 5 views

Malicious code in yelp-react-component-photo-upload (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32e7f0c90df117fd4748129db7ebb37ee6519a0f8ace68bbd197b8f6658da7ee The package yelp-react-component-photo-upload was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0, References: 1
OSV
added 2026/03/24 12:48 p.m., 3 views

MAL-2026-2135 Malicious code in yelp-react-component-photo-upload (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32e7f0c90df117fd4748129db7ebb37ee6519a0f8ace68bbd197b8f6658da7ee The package yelp-react-component-photo-upload was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/06 12:19 p.m., 1 view

CVE-2018-25176

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...

CVSS 8.8, AI score 6.3, EPSS 0.00079
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2026/02/03 11:16 p.m., 4 views

CVE-2020-37084

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...

CVSS 8.6, EPSS 0.00463
Exploits: 1, References: 4
CVE
added 2026/02/03 10:9 p.m., 9 views

CVE-2020-37084

CVE-2020-37084 affects School ERP Pro 1.0. An authenticated administrator can upload arbitrary PHP files as profile photos by bypassing file extension checks, via improper validation in pre-editstudent.inc.php, enabling remote code execution on the server. The vulnerability is tied to the admin p...

CVSS 8.6, AI score 6.9, EPSS 0.00463
Exploits: 1, References: 4, Affected Software: 1
Vulnrichment
added 2026/02/03 10:9 p.m., 1 view

CVE-2020-37084 School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...

CVSS 8.6, AI score 6.9, EPSS 0.00463
Exploits: 1, References: 4
CVE
added 2026/01/22 2:41 a.m., 5 views

CVE-2026-24034

CVE-2026-24034 affects Horilla HRMS. In versions prior to 1.5.0, an XSS vulnerability can be triggered during profile photo update because the extension and content-type are not checked. The issue is fixed in 1.5.0. If you use Horilla, upgrade to 1.5.0 or later to mitigate. The provided sources c...

CVSS 5.4, AI score 5.1, EPSS 0.00016
Exploits: 1, References: 2, Affected Software: 1
RedhatCVE
added 2025/12/23 11:29 p.m., 3 views

CVE-2023-53971

WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file pa...

CVSS 8.8, AI score 7.6, EPSS 0.0004
Exploits: 1, References: 1
Vulnrichment
added 2025/12/22 9:35 p.m., 4 views

CVE-2023-53971 WebTareas 2.4 Authenticated Remote Code Execution via File Upload

WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file pa...

CVSS 8.8, AI score 7.2, EPSS 0.0004
Exploits: 1, References: 3
Positive Technologies
added 2025/12/12 12:0 a.m., 2 views

PT-2025-51029

Name of the Vulnerable Software and Affected Versions: campcodes Online Student Enrollment System version 1.0. Description: A flaw exists in campcodes Online Student Enrollment System that allows for unrestricted file upload. The issue is related to the manipulation of the photo argument within the...

CVSS 7.5, AI score 7.4, EPSS 0.00023
Exploits: 1, References: 7
OSV
added 2025/10/08 11:15 p.m., 0 views

CVE-2025-11508

A security vulnerability has been detected in code-projects Voting System 1.0. This affects an unknown function of the file /admin/votersadd.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and...

CVSS 9.8, AI score 5.5, EPSS 0.00076
Exploits: 1, References: 5
Vulnrichment
added 2025/10/07 11:32 p.m., 3 views

CVE-2025-11417 Campcodes Advanced Online Voting Management System voters_add.php unrestricted upload

A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This vulnerability affects unknown code of the file /admin/votersadd.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has be...

CVSS 6.5, AI score 6.7, EPSS 0.00067
Exploits: 1, References: 5
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-44833

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.7, EPSS 0.00591
Exploits: 1, References: 2
RedhatCVE
added 2025/10/01 10:11 a.m., 5 views

CVE-2025-8120

Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution. This issue affects all 3 templates: www, b...

CVSS 10, AI score 7.5, EPSS 0.00423
Exploits: 0, References: 1
NVD
added 2025/09/27 9:15 p.m., 2 views

CVE-2025-11078

A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/controller.php?action=photos. The manipulation of the argument photo leads to unrestricted upload. The attack is possible to be carried out...

CVSS 8.8, EPSS 0.0007
Exploits: 1, References: 5
RedhatCVE
added 2025/08/21 7:27 p.m., 4 views

CVE-2025-9153

A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The attack can be launched remotely. The exploit ...

CVSS 8.8, AI score 7.5, EPSS 0.00095
Exploits: 1, References: 1
NVD
added 2025/08/19 7:15 p.m., 3 views

CVE-2025-9153

A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The attack can be launched remotely. The exploit ...

CVSS 8.8, EPSS 0.00095
Exploits: 1, References: 5