Remote Code Execution (RCE)
openmage/magento-lts is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to insufficient input validation, which allows an administrator with file upload permission to create products in a way that results in arbitrary code execution via the convert profile...
WordPress "Upload File Type Settings Plugin" plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Upload File Type Settings Plugin · Type: Plugin · Vulnerable versions: <= 1.1 · Fixed in: N/A · OWASP Top 10: A7 Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-25781 · Patch priority: Low · CVSS severity: Low (5.9) · PSID: 1b1468ec7ed1 · Credits: Rio Darmaw...
CVE-2023-22629
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem...
CVE-2023-0080
The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attributes, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non-PHP files and retrieve their...
Pimcore contains Unrestricted Upload of File with Dangerous Type
Impact: The upload functionality for updating a user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (e.g. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to uplo...
CVE-2022-40035
A file upload vulnerability in Rawchen Blog-ssm v1.0 allows attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component...
PT-2023-13743 · Unknown · Rawchen Blog-Ssm
Name of the Vulnerable Software and Affected Versions: Rawchen Blog-ssm version 1.0. Description: A file upload issue allows attackers to execute arbitrary commands and gain escalated privileges via the "uploadFileList" component, specifically through the "/uploadFileList" API endpoint...
PT-2023-12626 · WordPress · Club-Theme +9
Name of the Vulnerable Software and Affected Versions: WeStand WordPress theme versions prior to 2.1; footysquare WordPress theme; aidreform WordPress theme; statfort WordPress theme; club-theme WordPress theme; kingclub-theme WordPress theme; spikes WordPress theme; spikes-black WordPress theme...
CVE-2022-47928
Summary: CVE-2022-47928 is a cross-site scripting (XSS) vulnerability in MISP prior to 2.4.167, caused by an XSS flaw in the template file uploads feature (app/View/Templates/upload_file.ctp). The issue is documented across multiple sources (NVD, Red Hat, OSV, etc.) and is specifically tied to th...
CVE-2022-46020
WBCE CMS v1.5.4 allows an attacker to obtain a web shell (getshell) by modifying the upload file type...
Design/Logic Flaw
WBCE CMS v1.5.4 allows an attacker to obtain a web shell (getshell) by modifying the upload file type...
WBCE CMS Code Issue Vulnerability
WBCE CMS is an open source content management system (CMS) based on PHP and MySQL. A security vulnerability exists in WBCE CMS v1.5.4, which originates from the ability to obtain a web shell (getshell) by modifying the upload file type...
CVE-2022-46020
WBCE CMS v1.5.4 is affected by CVE-2022-46020, a remote code execution vulnerability caused by allowing an attacker to obtain a web shell (getshell) via modification of the upload file type. The NVD/Nuclei and related sources describe a critical flaw (CVSS v3.1: 9.8) with network attack vector, no privileges required, and high impa...
PT-2022-27718 · Wbce Cms · Wbce Cms
Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.5.4. Description: The issue allows an attacker to obtain a web shell (getshell) by modifying the upload file type, potentially leading to unauthorized access and control. Recommendations: For WBCE CMS version 1.5.4, consider restricting the upload file typ...
Casdoor Path Traversal Vulnerability
Casdoor is an open source Identity and Access Management (IAM) / Single Sign-On (SSO) platform with a Web UI that supports OAuth 2.0 / OIDC and SAML authentication. A security vulnerability exists in Casdoor versions prior to v1.126.1, which stems from its uploadFile function that allows an attacker ...
Zimbra Collaboration Suite Code Issue Vulnerability
Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A code issue vulnerability exists in Zimbra Collaboration Suite versions 8.8.15 and 9.0, which originates from an authenticated administrator user...
CVE-2022-40048
Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function...
Remote code execution
Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function...
CVE-2022-40048
CVE-2022-40048 concerns Flatpress v1.2.1, which has a remote code execution (RCE) vulnerability in the Upload File function. Multiple sources (NVD, Red Hat, NVD feed, OpenVAS) confirm an RCE affecting Flatpress version 1.2.1 via the file upload mechanism, with high impact on confidentiality, i...