171 matches found
CVE-2025-32952
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...
PT-2025-17578 · Tcpwave · Tcpwave Ddi
Name of the Vulnerable Software and Affected Versions: TCPWave DDI version 11.34P1C2 Description: The issue allows for Remote Code Execution via Unrestricted File Upload combined with Path Traversal. Recommendations: For TCPWave DDI version 11.34P1C2, consider restricting access to file upload...
PT-2025-17049 · Unknown · Theme File Duplicator
Name of the Vulnerable Software and Affected Versions: Theme File Duplicator versions 1.3 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. Recommendations: For Theme File Duplicator versions 1.3 and earlier,...
PT-2025-17158 · Unknown · Solace Extra
Name of the Vulnerable Software and Affected Versions: Solace Extra versions 1.3.1 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. Recommendations: For versions 1.3.1 and earlier, consider restricting file...
PT-2025-15941 · Unknown · Labcat Processing Projects
Name of the Vulnerable Software and Affected Versions: LABCAT Processing Projects versions 1.0.0 through 1.0.2 Description: The issue allows an attacker to upload a web shell to a web server, potentially leading to unauthorized access and control. This is due to an unrestricted upload of files wi...
PT-2025-15794 · Unknown · Agence Web Eoxia - Montpellier Wp Shop
Name of the Vulnerable Software and Affected Versions: Agence web Eoxia - Montpellier WP shop versions n/a through 2.6.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to upload a web shell to a web server. This can be achieved through exploiting...
CKAN has an XSS vector in user uploaded images in group/org and user profiles
Impact Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could lead to escalation of privileges of the original submitter or other malicious actions...
PT-2024-33473 · Myriad Solutionz · Myriad Solutionz Property Lot Management System
Name of the Vulnerable Software and Affected Versions: Myriad Solutionz Property Lot Management System versions n/a through 4.2.38 Description: The issue allows hackers to upload malicious files, exploiting an Unrestricted File Upload vulnerability. This enables the upload of a web shell to a web...
PT-2024-32953 · WordPress · Acf Images Search/Insert
Name of the Vulnerable Software and Affected Versions: ACF Images Search And Insert versions 1.1.4 and earlier Description: The issue affects the ACF Images Search And Insert plugin, allowing unrestricted upload of files with dangerous types, such as a web shell, to a web server. This could...
PT-2024-39220 · Unknown · Bit File Manager
Name of the Vulnerable Software and Affected Versions: The Bit File Manager versions up to, and including, 6.5.7 Description: The issue is due to a lack of proper checks on allowed file types, making it possible for authenticated attackers with Subscriber-level access and above, and granted...
PT-2024-31857 · October · October
Name of the Vulnerable Software and Affected Versions: October versions 3.6.30 Description: The issue allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site...
PT-2024-31856 · Zenario · Zenario
Name of the Vulnerable Software and Affected Versions: Zenario version 9.7.61188 Description: The issue allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting XSS...
CVE-2024-8463
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell...
PT-2024-30245 · Mcms · Mcms
Name of the Vulnerable Software and Affected Versions: MCMS version 5.4.1 Description: The issue is related to a front-end file upload vulnerability in MCMS, which can lead to remote command execution. This allows an attacker to execute commands remotely. Recommendations: For MCMS version 5.4.1,...
PT-2024-30200 · Testlink · Testlink
Name of the Vulnerable Software and Affected Versions: TestLink versions prior to 1.9.20 Description: The issue allows for Cross Site Scripting XSS via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name. Recommendations: For versions prior to 1.9.2...
Remote Code Execution (RCE)
Apache StreamPipes is vulnerable to Remote Code Execution RCE. The vulnerability is due to the lack of restrictions on the types of files that authenticated and authorized users can upload, which allows an attacker to execute malicious code on the server...
PT-2024-25906 · Unknown · Cmsimple Xh
Name of the Vulnerable Software and Affected Versions: CMSimple XH version 1.7.6 Description: The issue allows for cross-site scripting XSS by uploading a crafted SVG document. Recommendations: For CMSimple XH version 1.7.6, as a temporary workaround, consider restricting the upload of SVG...
PT-2024-26307 · Inxedu · Inxedu
Name of the Vulnerable Software and Affected Versions: inxedu version 2024.4 Description: The issue allows attackers to execute arbitrary code by uploading a crafted .jsp file through the uploadAudio method. Recommendations: For inxedu version 2024.4, consider disabling the uploadAudio method unt...
PT-2024-12130 · Onthegosystems · Onthegosystems Types
Name of the Vulnerable Software and Affected Versions: OnTheGoSystems Types versions 3.4.17 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects OnTheGoSystems Types. Recommendations: For versions 3.4.17 and earlier, update to a versio...
PT-2024-19544 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: osCommerce version 4 Description: An issue allows local attackers to bypass file upload restrictions and execute arbitrary code via the administrator profile photo upload feature. Recommendations: For osCommerce version 4, as a temporary...