14 matches found
CVE-2019-20183
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...
EUVD-2025-8562
Malicious code in bioql PyPI...
CVE-2025-36174 IBM Integrated Analytics System file upload
IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened...
CVE-2025-8256
CVE-2025-8256 affects code-projects Online Ordering System 1.0, where the argument image in /admin/product.php can be manipulated to achieve unrestricted file uploads. The trusted sources consistently describe a remote-exploitable pathway with publicly disclosed exploit details. The likely impact...
CVE-2025-8171 code-projects Document Management System insert.php unrestricted upload
A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation of the argument uploadedfile leads to unrestricted upload. The attack may be initiated remotely...
CVE-2025-7931 code-projects Church Donation System admin_pic.php unrestricted upload
A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /members/adminpic.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. T...
PT-2025-29160 · Unknown · Code-Projects Library System
Name of the Vulnerable Software and Affected Versions: code-projects Library System version 1.0 Description: A critical vulnerability exists in code-projects Library System 1.0, allowing for unrestricted file upload. The issue is located in the /user/teacher/profile.php file, where manipulation o...
CVE-2025-6837 code-projects Library System profile.php unrestricted upload
A vulnerability classified as critical was found in code-projects Library System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been...
CVE-2025-6667
CVE-2025-6667 affects Code-Projects Car Rental System 1.0. The vulnerability lies in the file /admin/add_cars.php where the image parameter can be manipulated to achieve unrestricted file upload. This enables remote exploitation and may allow attackers to upload arbitrary files, potentially impac...
CVE-2022-39367
QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...
Easyadmin cross-site scripting vulnerability
Easyadmin is a simple, lightweight backend management system scaffold by laker, an individual developer. A cross-site scripting (XSS) vulnerability exists in Easyadmin 20240324 and earlier versions, which stems from the parameter file of file /sys/file/upload...
CVE-2022-40925
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "saveevent" file of the "Events" module in the background management system...
PT-2022-23536 · Unknown · Garage Management System
Name of the Vulnerable Software and Affected Versions: Garage Management System version 1.0 Description: The issue is related to a lack of filtering in the file upload function, allowing an attacker to upload a PHP Reverse Shell and gain Remote Code Execution (RCE) during the process of adding part...
CVE-2019-16066
An unrestricted file upload vulnerability exists in user and system file upload functions in NETSAS Enigma NMS 65.0.0 and prior. This allows an attacker to upload malicious files and perform arbitrary code execution on the system...