Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/06/11 5:16 p.m.12 views

CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule

Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...

6.1AI score0.00078EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.20 views

PT-2026-48810

Name of the Vulnerable Software and Affected Versions CodeIgniter versions prior to 4.7.3 Description The ext in upload validation rule incorrectly checks the MIME-derived guessed extension instead of the extension provided in the client filename. This allows a file with an executable extension,...

9.8CVSS6.2AI score0.00078EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/12/12 6:32 a.m.36 views

CVE-2025-12655 Hippoo Mobile App for WooCommerce <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint /wp-json/hippoo/v1/wc/token/savecallback/tokenid being registered with...

5.3CVSS0.00235EPSS
Exploits0References4
CNVD
CNVD
added 2015/08/03 12:0 a.m.3 views

File Upload Vulnerability in Wando OA System

Wando Ezoffice system is a set of jsp-based oa system , the system is based on J2EE architecture technology of three-tier architecture , completely B / S architecture , widely used in various industries . Wando Ezoffice collaborative office platform there is a file upload vulnerability in...

7.1AI score
Exploits0
Rows per page
Query Builder