143 matches found

Prion
added 2022/04/12 5:15 p.m. · 14 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

7.5 CVSS · 9.5 AI score · 0.03018 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Prion
added 2022/04/12 5:15 p.m. · 24 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...

7.5 CVSS · 9.6 AI score · 0.02629 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2022/04/12 4:29 p.m. · 26 views

CVE-2022-27952

An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file...

9.8 AI score · 0.02164 EPSS
Exploits: 1 · References: 2
Cvelist
added 2022/04/12 4:28 p.m. · 23 views

CVE-2022-27139

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...

9.9 AI score · 0.0379 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2022/04/12 4:28 p.m. · 16 views

CVE-2022-27139

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...

8.2 AI score · 0.0379 EPSS
Exploits: 1 · References: 2
OSV
added 2021/10/22 8:15 p.m. · 5 views

CVE-2020-36485

Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file...

7.8 CVSS · 6.1 AI score · 0.00453 EPSS
Exploits: 1 · References: 1
OSV
added 2021/10/22 8:15 p.m. · 0 views

CVE-2020-23043

Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file...

8.8 CVSS · 7.6 AI score · 0.01654 EPSS
Exploits: 1 · References: 1
Cvelist
added 2021/10/22 7:20 p.m. · 14 views

CVE-2020-36485

Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file...

7.9 AI score · 0.00453 EPSS
Exploits: 1 · References: 1
CNNVD
added 2021/10/22 12:0 a.m. · 3 views

Portable Ltd Playable Code Issue Vulnerability

Portable Ltd Playable is a Full HD media player for PC from Portable Ltd, UK. A security vulnerability exists in Portable Playable v9.18, which stems from a lack of effective filtering and restriction in the filename parameter of the software's upload module. The vulnerability allows an attacker ...

7.8 CVSS · 7.9 AI score · 0.00453 EPSS
Exploits: 1 · References: 2
Packet Storm
added 2020/04/30 12:0 a.m. · 107 views

HardDrive 2.1 Arbitrary File Upload

Document Title: HardDrive v2.1 iOS - Arbitrary File Upload Vulnerability
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2221
Release Date: 2020-04-29
Vulnerability Laboratory ID (VL-ID): ...

0.4 AI score
Exploits: 0
NVD
added 2020/02/18 5:15 p.m. · 23 views

CVE-2013-6295

PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module...

9.8 CVSS · 9.6 AI score · 0.02287 EPSS
Exploits: 1 · References: 2
Prion
added 2020/02/18 5:15 p.m. · 13 views

Privilege escalation

PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module...

7.5 CVSS · 7.4 AI score · 0.02287 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2020/02/18 4:15 p.m. · 40 views

CVE-2013-6295

PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module...

9.7 AI score · 0.02287 EPSS
Exploits: 1 · References: 2
CVE
added 2020/02/18 4:15 p.m. · 51 views

CVE-2013-6295

CVE-2013-6295 affects PrestaShop 1.5.5, enabling privilege escalation through a Salesman account via the upload module. The Red Hat advisory echoes the same description. The available documents do not provide additional technical details such as affected file paths, exact root cause, vulnerable c...

9.8 CVSS · 9.4 AI score · 0.02287 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2019/07/10 12:0 a.m. · 3 views

PT-2019-12953 · Hunesion · Hunesion I-Onenet

Name of the Vulnerable Software and Affected Versions: Hunesion i-oneNet versions 3.0.7 through 3.0.53; Hunesion i-oneNet versions 4.0.4 through 4.0.16
Description: The issue arises from the specific upload web module not verifying the file extension and type, allowing an attacker to upload a...

10 CVSS · 9 AI score · 0.01858 EPSS
Exploits: 0 · References: 2
OSV
added 2019/05/24 6:29 p.m. · 3 views

CVE-2016-10756

Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/uploadmain.php can be used for the upload itself...

8.8 CVSS · 5.8 AI score · 0.00669 EPSS
Exploits: 1 · References: 2
CNVD
added 2018/01/11 12:0 a.m. · 3 views

Photos in Wifi application for iOS image and video upload module directory traversal vulnerability

Photos in Wifi application for iOS is a LAN photo sharing application based on the iOS platform. The "Select a photo or a video to upload" module is one of its photo and video uploading modules. A directory traversal vulnerability exists in the photo and video upload module in version 1.0.1 of the Photos in...

7.5 CVSS · 7.1 AI score · 0.01681 EPSS
Exploits: 3 · References: 1
CNVD
added 2017/09/27 12:0 a.m. · 2 views

GeniXCMS Arbitrary PHP Code Execution Vulnerability

GeniXCMS is a free, open-source content management system that is built using the PHP language and uses MySQL for its database. An arbitrary PHP code execution vulnerability exists in the "Upload Module" page of GeniXCMS, which can be exploited by a remote authenticated user to execute arbitrary...

8.8 CVSS · 8.9 AI score · 0.01537 EPSS
Exploits: 1 · References: 1
CNVD
added 2016/05/17 12:0 a.m. · 1 views

Request Forgery Vulnerability in OurPHP Server Side

OurPHP (傲派建站系统) is a website content management system developed in PHP by Harbin Weicheng Technology Co. The upload file management module under the "Global/Interface" module in the OurPHP administration backend has a hidden remote file download function. Since the...

7.1 AI score
Exploits: 0
Packet Storm
added 2016/02/11 12:0 a.m. · 42 views

File Sharing Manager 1.0 Local File Inclusion / File Upload

Document Title: File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1715
Release Date: 2016-02-09
Vulnerability Laboratory ID (VL-ID): ...

0.2 AI score
Exploits: 0