189 matches found
CVE-2025-29287
CVE-2025-29287 affects MCMS v5.4.3 via the ueditor component, enabling arbitrary code execution through crafted file uploads. The vulnerability is known across multiple advisories (Red Hat, GHSA, OSV, NVD, Snyk, etc.), with CVSS v3.1 base score 9.8 (CRITICAL). Public references describe an arbitr...
MingSoft MCMS 安全漏洞
MingSoft MCMS is a complete open source J2ee system from China's MingFei MingSoft. A security vulnerability exists in MingSoft MCMS version v5.4.3, which stems from the ueditor component allowing the upload of specially crafted files, which could lead to the execution of arbitrary code...
CVE-2025-29287
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2025-1543
A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed ...
CVE-2025-1543 iteachyou Dreamer CMS ueditor-1.4.3.3 path traversal
A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed ...
Dreamer CMS 路径遍历漏洞
Dreamer CMS is a Dreamer Content Management System by Junnan Wang, an individual developer in China. A path traversal vulnerability exists in Dreamer CMS version 4.1.3, which originates from a path traversal vulnerability contained in the /resource/js/ueditor-1.4.3.3 location...
kvf-admin 跨站脚本漏洞
kvf-admin is a rapid development framework, scaffolding, backend management system, permission system. kvf-admin cross-site scripting vulnerability , the vulnerability stems from the file / ueditor/upload?configPath=ueditor/config.json&action=uploadfile parameter upfile lack of effective filterin...
CVE-2024-41577
An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
productinfoquick 安全漏洞
productinfoquick is an application. A security vulnerability exists in productinfoquick v1.0, which stems from an arbitrary file upload vulnerability in the Ueditor component that allows attackers to execute arbitrary code by uploading a crafted PNG file...
CVE-2024-41577
An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
PT-2024-29450 · Unknown +1 · Productinfoquick +1
Name of the Vulnerable Software and Affected Versions: productinfoquick version 1.0 Description: The issue allows attackers to execute arbitrary code by uploading a crafted PNG file, exploiting an arbitrary file upload vulnerability in the Ueditor component. Recommendations: For version 1.0, upda...
CVE-2024-41577
CVE-2024-41577 affects productinfoquick v1.0 via the Ueditor component. The vulnerability is an arbitrary file upload that allows code execution when uploading a crafted PNG. Public documentation from multiple feeds confirms the affected software/component: productinfoquick v1.0, Ueditor, and the...
CVE-2024-41577
An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
CVE-2024-7342
A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the atta...
CVE-2024-7343
A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source leads to cross site scripting. The attack can be initiated remotely...
CVE-2024-7342
A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the atta...
CVE-2024-7343
A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source leads to cross site scripting. The attack can be initiated remotely...
CVE-2024-7343 Baidu UEditor cross site scripting
A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source leads to cross site scripting. The attack can be initiated remotely...
CVE-2024-7343 Baidu UEditor cross site scripting
A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source leads to cross site scripting. The attack can be initiated remotely...
CVE-2024-7343
Baidu UEditor 1.4.2 is affected. The vulnerability is in /ueditor142/php/controller.php?action=catchimage, where manipulating the argument source[] enables cross-site scripting. Attack can be performed remotely and the exploit has been disclosed publicly. The issue is documented across CVE-2024-7...