Mautic Arbitrary File Upload Vulnerability

Mautic is an open source marketing automation application. An arbitrary file upload vulnerability exists in Mautic versions prior to 5.2.3, which stems from insufficient validation of uploaded file extensions and improper handling of file paths. An attacker can exploit this vulnerability to uploa...

CVE-2025-21624

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...

CVE-2024-48123

An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device...

CVE-2025-21624

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...

CVE-2025-21624

CVE-2025-21624 affects ClipBucket V5 prior to 5.5.1-239. The issue is an improper validation in the Manage Playlist file upload that allows uploading a PHP script instead of an image, enabling remote code execution (webshell) in both admin and user areas. The vulnerability is fixed in version 5.5...

CVE-2024-47946

The CVE-2024-47946 issue affects Image Access Scan2Net software. Descriptions across sources state that remote code execution is possible when an attacker with a valid Poweruser session uploads specially crafted valid PNG files containing injected PHP content as desktop backgrounds or lock screen...

PT-2024-34560 · Unknown · Anuj Kumar'S Boat Booking System

Name of the Vulnerable Software and Affected Versions: Anuj Kumar's Boat Booking System version 1.0 Description: The issue allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter in the change-image.php file. This enables attackers to potentially execute...

PHPGurukul Boat Booking System 安全漏洞

PHPGurukul Boat Booking System is a boat booking system from PHPGurukul. A security vulnerability exists in version 1.0 of the PHPGurukul Boat Booking System, which stems from an Image Upload Mechanism parameter in change-image.php that allows a local attacker to upload malicious PHP scripts...

PT-2024-21656 · Unknown · Soplanning

Name of the Vulnerable Software and Affected Versions: SO Planning versions prior to 1.52.02 Description: A Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP-file that will be available for...

PT-2024-26230 · Unknown · Itsourcecode Payroll Management System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Payroll Management System version 1.0 Description: The issue allows an unauthenticated attacker to upload a malicious PHP file via the "save settings" page, which is intended for image uploads. This can lead to the execution of...

D-Link DAR-7000-40 Command Execution Vulnerability

The D-Link DAR-7000-40 is an Internet Behavior Audit Gateway from China AUO D-Link. The D-Link DAR-7000-40 suffers from a command execution vulnerability, which is caused by incorrect validation of file extensions in the interface/sysmanage/license authorization.php script. An attacker can exploi...

CVE-2024-25994 PHOENIX CONTACT: Unintended script file upload in CHARX Series

An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only...

CVE-2023-42017

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the...

Exploit for Cross-site Scripting in Wondercms

CVE-2023-41425 Description Cross Site Scripting vulnerabil...

Galaxy Software Services Vitals ESP Security Vulnerability

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A security vulnerability exists in Galaxy Software Services Vitals ESP due to insufficient filtering and authentication during file uploads, which can be exploited by an...

PT-2023-27925 · Galaxy Software Services · Vitals Esp

Name of the Vulnerable Software and Affected Versions: Galaxy Software Services Corporation Vitals ESP affected versions not specified Description: The issue is related to insufficient filtering and validation during file upload in an online knowledge base management portal. An authenticated remo...

CVE-2023-25201

Cross Site Request Forgery CSRF vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload...

CVE-2023-25201

Cross Site Request Forgery CSRF vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload...

CVE-2023-25201

Cross Site Request Forgery CSRF vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload...

CVE-2023-25201

Cross Site Request Forgery CSRF vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload...