6 matches found
PT-2024-6010 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier
Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which could result in arbitrary code execution by an attacker. An attacker cou...
PT-2024-27437 · Jan · Jan
Name of the Vulnerable Software and Affected Versions: Jan version 0.4.12
Description: The issue allows attackers to execute arbitrary code via uploading a crafted file to the "/v1/app/appendFileSync" interface.
Recommendations: For Jan version 0.4.12, as a temporary workaround, consider disablin...
PT-2024-26563 · O2Oa · O2Oa
Name of the Vulnerable Software and Affected Versions: O2OA version 8.3.8
Description: The issue allows attackers to execute arbitrary code by uploading a crafted PDF file, exploiting an arbitrary file upload vulnerability.
Recommendations: For O2OA version 8.3.8, consider restricting file upload...
PT-2023-6848 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10
Description: The issue is related to an unlimited file upload vulnerability in the GLPI system, which can be exploited by a remote attacker to upload arbitrary files to the system. This can potentially allow the...
PT-2023-23874 · Avalanche · Avalanche
Name of the Vulnerable Software and Affected Versions: Avalanche versions 6.3.x and below
Description: An unrestricted upload of file with a dangerous type could allow an attacker to achieve remote code execution. The issue is fixed in version 6.4.1.
Recommendations: For Avalanche versions 6.3.x...
PT-2022-20717 · Docebo · Docebo Community Edition
Name of the Vulnerable Software and Affected Versions: Docebo Community Edition versions 4.0.5 and below
Description: The issue is related to an arbitrary file upload vulnerability. It is noted that this vulnerability only affects products that are no longer supported by the maintainer...