Lucene search
K

8 matches found

NVD
NVD
added 2026/05/27 7:16 p.m.18 views

CVE-2026-42879

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

6.3CVSS0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5538

Malicious code in bioql PyPI...

4CVSS4.6AI score0.01425EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/15 7:13 a.m.8 views

EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files

Overview EC-CUBE plugin "Product Image Bulk Upload Plugin", a plugin that enables to upload image files, provided by EC-CUBE CO.,LTD. contains an insufficient verification vulnerability when uploading files CWE-20. Exploiting this vulnerability allows a remote unauthenticated attacker to upload...

9.8CVSS7AI score0.00956EPSS
Exploits0References6
Prion
Prion
added 2021/09/08 5:15 p.m.14 views

Information disclosure

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated...

4CVSS4.4AI score0.01425EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/05/13 6:29 p.m.19 views

Remote code execution

KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image...

7.5CVSS9.6AI score0.04153EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2017/06/08 12:0 a.m.3 views

Two File Upload Vulnerabilities Exist in Website Builder Star Backend

Ltd., is a cloud computing-based Internet application service provider. There are file upload vulnerabilities in the background of sitestar 1 banner scroll bar edit-select single image upload and 2 product management in the background-edit more image upload. Allow attackers to upload webshell and...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2017/04/23 2:43 p.m.374 views

Shopify: SVG Server Side Request Forgery (SSRF)

I found an issue which seems to be regression of the following issue: https://hackerone.com/reports/97501 . It seems your input validaton is not sufficient and the file is getting processed before your implemented check for valid file types. When adding a new product in the store, images for the...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2009/07/23 12:0 a.m.25 views

Valentina Cookie Handling Privilege Escalation

Cyber-Warrior & Security TIM - Bug Researchers Group Application Name : Valentina Vulnerable Type : Cookie Handling Vulnerebility Infection : SQL Info GET... Author : Septemb0x Script Down.& WebSite : http://s2.dosya.tc/valentina.zip.html - http://www.valya.ru Cyber-Warrior & Security TIM - Bug...

1.3AI score
Exploits0
Rows per page
Query Builder