189 matches found
CVE-2024-7342 Baidu UEditor unrestricted upload
A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the atta...
CVE-2024-7342 Baidu UEditor unrestricted upload
A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the atta...
CVE-2024-7342
Baidu UEditor 1.4.3.3 contains an unrestricted upload vulnerability in the endpoint /ueditor/php/controller.php?action=uploadfile&encode=utf-8, triggered by manipulating the upfile parameter. The issue enables remote initiation and has publicly disclosed exploits; multiple sources corroborate the...
PT-2024-38276 · Baidu · Baidu Ueditor
Name of the Vulnerable Software and Affected Versions: Baidu UEditor version 1.4.3.3 Description: A vulnerability was found in Baidu UEditor, affecting an unknown part of the file "/ueditor/php/controller.php?action=uploadfile&encode=utf-8". The manipulation of the upfile argument leads to...
Baidu UEditor 代码问题漏洞
Baidu UEditor is a WYSIWYG rich text web editor from the Chinese company Baidu. A code issue vulnerability exists in Baidu UEditor version 1.4.3.3, which stems from the operation of the parameter upfile that can lead to unrestricted uploads...
Baidu UEditor 跨站脚本漏洞
Baidu UEditor is a WYSIWYG rich text web editor from the Chinese company Baidu. A cross-site scripting vulnerability exists in Baidu UEditor 1.4.2, which stems from a manipulation of the parameter source that can lead to cross-site scripting attacks...
CVE-2024-40543
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery SSRF via the component /admin/ueditor?action=catchimage...
Avue Cross-Site Scripting Vulnerability
Avue is an Avue open source secondary package based on the existing element-ui library. A cross-site scripting vulnerability exists in Avue 3.4.4 and earlier versions, which stems from the component avueUeditor containing unknown functions that lead to cross-site scripting...
CVE-2023-42398
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...
CVE-2023-42398
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...
CVE-2023-42398
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...
Code injection
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...
CVE-2023-42398
The CVE-2023-42398 issue affects zzCMS v.2023, where an attacker can remotely execute arbitrary code and disclose sensitive data through the ueditor component in controller.php. The vulnerability is associated with zzCMS 2023 and involves the ueditor integration in controller.php, enabling code e...
PT-2023-28328 · Zzcms +1 · Zzcms +1
Name of the Vulnerable Software and Affected Versions: zzCMS version 2023 Description: An issue in the software allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. Recommendations: For zzCMS version 2023, consider...
CVE-2023-42398
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...
CVE-2023-42398
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...
ZZCMS Code Issues Vulnerabilities
ZZCMS is a content management system CMS from the China ZZCMS team. A security vulnerability exists in ZZCMS v.2023, which can be exploited to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...
Dreamer CMS Security Vulnerability
Dreamer CMS is a dreamer content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS 4.1.3 and earlier versions, which originates from an unknown function in /upload/ueditorConfig?action=config that results in an accessible file or...
CVE-2020-36037
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php...
CVE-2020-36037
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php...