60 matches found
EUVD-2007-0086
Malware in sbrugna...
EUVD-2022-44727
Malicious code in bioql PyPI...
EUVD-2022-29047
Malicious code in bioql PyPI...
CVE-2012-10062 XAMPP WebDAV PHP Upload Authentication Bypass RCE
A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits...
SUSE CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
CVE-2023-1971
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...
CVE-2022-43083
An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2020-21516
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code...
CVE-2019-17188
An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs...
CVE-2025-27411 REDAXO allows Arbitrary File Upload in the mediapool page
REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3...
CVE-2024-7863 Favicon Generator < 2.1 - Arbitrary File Upload via CSRF
The Favicon Generator CLOSED WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server...
CVE-2024-35324
Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php...
SEMCMS 安全漏洞
SEMCMS is a content management system CMS for foreign trade websites that supports multiple languages. A security vulnerability exists in SEMCMS v.4.8, which originated from allowing remote attackers to execute arbitrary code, elevate privileges, and obtain sensitive information via the upload.ph...
CVE-2024-0933
A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and ma...
PT-2024-15001 · Unknown · Class.Upload.Php
Name of the Vulnerable Software and Affected Versions: class.upload.php affected versions not specified Description: The issue is related to a stored XSS vulnerability in the default configuration of class.upload.php, a PHP library for managing image uploads. This vulnerability occurs because the...
CVE-2023-5966 Unrestricted Upload of File with Dangerous Type in EspoCRM
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution...
CVE-2023-45856
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI...
YITH WooCommerce Gift Cards < 3.20.0 - Unauthenticated Arbitrary File Upload
The plugin does not validate files to be uploaded, allowing unauthenticated attackers to upload arbitrary files, such as PHP...
CVE-2022-1540
The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE...
CVE-2022-44354
SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file...