143 matches found
Design/Logic Flaw
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...
CVE-2022-27952
An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file...
CVE-2022-27139
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...
CVE-2020-36485
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file...
CVE-2020-23043
Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file...
Portable Ltd Playable Code Issue Vulnerability
Portable Ltd Playable is a Full HD media player for PC from Portable Ltd, UK. A security vulnerability exists in Portable Playable v9.18, which stems from a lack of effective filtering and restriction in the filename parameter of the software's upload module. The vulnerability allows an attacker ...
HardDrive 2.1 Arbitrary File Upload
Document Title: HardDrive v2.1 iOS - Arbitrary File Upload Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2221. Release Date: 2020-04-29. Vulnerability Laboratory ID (VL-ID): ...
CVE-2013-6295
PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module...
Privilege escalation
PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module...
CVE-2013-6295
CVE-2013-6295 affects PrestaShop 1.5.5, enabling privilege escalation through a Salesman account via the upload module. The Red Hat advisory echoes the same description. The available documents do not provide additional technical details such as affected file paths, exact root cause, vulnerable c...
PT-2019-12953 · Hunesion · Hunesion I-Onenet
Name of the Vulnerable Software and Affected Versions: Hunesion i-oneNet versions 3.0.7 through 3.0.53; Hunesion i-oneNet versions 4.0.4 through 4.0.16. Description: The issue arises from the specific upload web module not verifying the file extension and type, allowing an attacker to upload a...
CVE-2016-10756
Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/uploadmain.php can be used for the upload itself...
Photos in Wifi application for iOS image and video upload module directory traversal vulnerability
Photos in Wifi application for iOS is a LAN photo sharing application based on the iOS platform. The "Select a photo or a video to upload" module is one of its photo and video uploading modules. A directory traversal vulnerability exists in the photo and video upload module in version 1.0.1 of the Photos in...
GeniXCMS Arbitrary PHP Code Execution Vulnerability
GeniXCMS is a free, open-source content management system that is built using the PHP language and uses MySQL for its database. An arbitrary PHP code execution vulnerability exists in the "Upload Module" page of GeniXCMS, which can be exploited by a remote authenticated user to execute arbitrary...
Request Forgery Vulnerability in OurPHP Server Side
OurPHP (傲派建站系统) is a website content management system written in PHP and developed by Harbin Weicheng Technology Co. The upload file management module under the "Global/Interface" module in the OurPHP administration backend has a hidden remote file download function. Since the...
File Sharing Manager 1.0 Local File Inclusion / File Upload
Document Title: File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1715. Release Date: 2016-02-09. Vulnerability Laboratory ID (VL-ID): ...