CVE-2024-12427
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fwuploadfile AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as imag...
WordPress plugin Admin and Customer Messages After Order for WooCommerce: OrderConvo code issue vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Admin and Customer Messag...
CVE-2024-44758
An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files...
NUS-M9 security vulnerability
NUS-M9 is an ERP system from China Zhelin NUS Company. A security vulnerability exists in NUS-M9 v3.0.0, which is caused by an arbitrary file upload vulnerability in the /Production/UploadFile component. An attacker can exploit this vulnerability to execute arbitrary code by uploading a specially...
PT-2024-31237 · Unknown · Nus-M9 Erp Management
Name of the Vulnerable Software and Affected Versions: NUS-M9 ERP Management Software version 3.0.0 Description: An arbitrary file upload issue in the /Production/UploadFile component allows attackers to execute arbitrary code by uploading crafted files. Recommendations: For NUS-M9 ERP Management...
CVE-2024-49668
CVE-2024-49668 – Verbalize WP (WordPress plugin) Arbitrary File Upload. Affected: Verbalize WP up to version 1.0. Description: Unrestricted Upload of File with Dangerous Type could allow a Web Shell upload to the server. Sources/verification: Wordfence Intelligence vulnerability entry notes Unpa...
CVE-2024-49327
Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows Upload a Web Shell to a Web Server. This issue affects Woostagram Connect: from n/a through <= 1.0.2...
WordPress Increase upload file size & Maximum Execution Time limit Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Increase upload file size & Maximum Execution Time limit · Type: Plugin · Vulnerable versions: <= 2.0 · Fixed in: 3.0 · OWASP Top 10: A7 Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-9611 · Patch priority: Medium · CVSS severity: Medium (7.1) · Developer: Claim ownership · PSID...
CVE-2024-47319
Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form bit-form. This issue affects Bit Form: from n/a through <= 2.13.10...
PT-2024-39220 · Unknown · Bit File Manager
Name of the Vulnerable Software and Affected Versions: The Bit File Manager versions up to, and including, 6.5.7 Description: The issue is due to a lack of proper checks on allowed file types, making it possible for authenticated attackers with Subscriber-level access and above, and granted...
CVE-2022-2439
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'uploadfile' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using...
PT-2024-11528 · WordPress · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress versions up to, and including 3.3.3 Description: The issue concerns deserialization of untrusted input via the uploadfile parameter. This allows...
CVE-2022-2446
The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...
Flowise security vulnerability
Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.8.2, which results in a denial of service due to improper handling of user-supplied input to the "/api/v1/get-upload-file" api endpoint...
PT-2024-38861 · Flowise · Flowise
Name of the Vulnerable Software and Affected Versions: Flowise version 1.8.2 Description: An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise, leading to a complete crash of the instance running a vulnerable version due to improper handling of user-supplied input to the...
Vivotek SD9364 command injection vulnerability
Vivotek SD9364 is a high-speed camera from VIVOTEK Communications (Vivotek) of China. A command injection vulnerability exists in the Vivotek SD9364 version VVTK-0103f, which stems from the QUERYSTRING parameter in the file uploadfile.cgi and can lead to command injection...
Vivotek CC8160 security vulnerability
The Vivotek CC8160 is a 2MP highly striped network camera from VIVOTEK Communications (Vivotek) of China. A security vulnerability exists in the Vivotek CC8160 VVTK-0100d version, which stems from the QUERYSTRING parameter in the file uploadfile.cgi and can lead to command injection...
RockOA cross-site scripting vulnerability (CNVD-2024-33675)
RockOA Xinhuo is an open source office OA system. A cross-site scripting vulnerability exists in RockOA 2.6.3, which originates from the callback parameter in the /webmain/public/upload/tplupload.html file. No details of the vulnerability are available at this time...
CVE-2024-31411
Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache...
CVE-2019-16640
An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled: %00 and /var/./html are not checked, which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EGRGOS 11.9 B11P1...