58 matches found
CVE-2026-33687
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...
CVE-2026-2977
A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function uploadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the atta...
CVE-2026-2978
A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function uploadfilecontroller of the file /backend/app/api/v1/modulesystem/params/controller.py of the component Scheduled Task API. Performing a manipulation results in unrestricted upload. The attack can be...
CVE-2026-2979 FastApiAdmin Scheduled Task API controller.py user_avatar_upload_controller unrestricted upload
A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function useravataruploadcontroller of the file /backend/app/api/v1/modulesystem/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launched...
CVE-2026-2977
CVE-2026-2977 affects FastApiAdmin up to 2.2.0. The vulnerability exists in the upload_controller function in /backend/app/api/v1/module_common/file/controller.py of the Scheduled Task API, enabling unrestricted file upload. Exploitation is remote and has been publicly disclosed per multiple sour...
CVE-2026-2977
A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function uploadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the atta...
CVE-2026-2977 FastApiAdmin Scheduled Task API controller.py upload_controller unrestricted upload
A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function uploadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the atta...
FastAPI Admin 代码问题漏洞
FastAPI Admin is an open-source management dashboard based on FastAPI and TortoiseORM. Versions of FastAPI Admin 2.2.0 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of the uploadcontroller function in the...
PT-2026-21503
A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function upload controller of the file /backend/app/api/v1/module common/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the...
CVE-2025-15360
A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attac...
CVE-2025-15360
A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attac...
CVE-2025-15360
A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attac...
CVE-2025-15360
The CVE-2025-15360 vulnerability affects newbee-mall-plus 2.0.0, specifically the UploadController.java used for Product Information Edit Page. The issue arises from manipulation of the File argument in src/main/java/ltd/newbee/mall/controller/common/UploadController.java, enabling unrestricted f...
CVE-2025-15360 newbee-mall-plus Product Information Edit UploadController.java upload unrestricted upload
A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attac...
newbee-mall-plus 安全漏洞
newbee-mall-plus is an open source e-commerce system by newbee-ltd. A security vulnerability exists in version 2.0.0 of newbee-mall-plus, which stems from the incorrect manipulation of the parameter File in the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java, which coul...
CVE-2025-60268
An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution...
EUVD-2025-33761
An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution...
CVE-2025-11320
A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to...
CVE-2025-11320
A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to...
EUVD-2025-32485
A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to...