CVE-2023-2716

The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajaxuploadfile' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access...

Information Disclosure

github.com/answerdev/answer is vulnerable to Information Disclosure. The vulnerability exists because of uninitialized memory exposure in the upload.go file, which allows an attacker to access the uploaded image and extract the EXIF data...

PT-2023-2875 · D Link · D-Link D-View

Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: This issue allows remote attackers to create arbitrary files on affected installations of D-Link D-View, with authentication required to exploit it. The specific flaw exists within th...

WordPress plugin ZYREX POPUP 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the...

The vulnerability of the remote function (application\admin\controller\Upload.php) in the tpAdmin library allows a attacker to perform an SSRF attack.

The vulnerability of the remote function in the application\admin\controller\Upload.php file of the tpAdmin library is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack...

PT-2023-17432 · Unknown · Campcodes Video Sharing Website

Name of the Vulnerable Software and Affected Versions: Campcodes Video Sharing Website version 1.0 Description: A critical issue was found in the file upload.php, where the manipulation of the id argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For Campcodes...

CVE-2020-19802

File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter...

CVE-2020-19699

Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the tag in the upload file page...

CVE-2020-19699

Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the tag in the upload file page...

Cross site scripting

Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the tag in the upload file page...

CVE-2020-19699

Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the tag in the upload file page...

CVE-2021-31707

CVE-2021-31707 affects KiteCMS. A permissions issue in the upload file type allows a remote attacker to execute arbitrary code. The vulnerability is characterized by a high-severity CVSS v3.1 score (9.8, CRITICAL) with network access, no privileges required, and no user interaction needed, and it...

CVE-2021-31707

Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type...

CVE-2023-0340

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. R...

CVE-2023-0340 Custom Content Shortcode <= 4.0.2 - Contributor+ LFI

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. R...

CVE-2021-32302

Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter...

Cross site scripting

Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter...

CVE-2021-32302

CVE-2021-32302 affects IRZ Electronics RUH2 GSM router. The vulnerability is a Cross Site Scripting (XSS) flaw in the router’s vulnerability surface exposed via the Upload File parameter , enabling an attacker to obtain sensitive information. Root cause and details are corroborated by multiple so...

iRZ Mobile Routers 跨站脚本漏洞

iRZ Mobile Routers is a series of mobile routers from the Russian company iRZ. A security vulnerability exists in iRZ Mobile Routers. An attacker could use this vulnerability to obtain sensitive information via the Upload File parameter...

CVE-2021-32302

Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter...