209 matches found
Exploit for Unrestricted Upload of File with Dangerous Type in Efrotech Timetrax
CVE-2025-46157 CVE-2025-46157 – Timetrax V1 2025 Remote Co...
CVE-2025-4954
The CVE-2025-4954 entry concerns the WordPress plugin Axle Demo Importer (up to version 1.0.3). The vulnerability arises because the plugin does not validate uploaded files, allowing authenticated users (author level and above) to upload arbitrary files such as PHP to the server. This is stated d...
CVE-2024-47823
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...
CVE-2023-32686
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...
WordPress plugin CSV Mass Importer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-8699
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2025-29017
A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...
CVE-2025-29017
A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...
CVE-2025-29017
A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...
CVE-2025-29017
Code Astro Internet Banking System 2.0.0 is reported vulnerable via the profile_pic parameter in pages_view_client.php due to improper file upload validation, allowing an attacker to upload a malicious PHP file and achieve Remote Code Execution (RCE). The linked exploit/documentation describes by...
CVE-2025-29017
A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...
PT-2025-15988 · Unknown · Codeastro Internet Banking System
Name of the Vulnerable Software and Affected Versions: Code Astro Internet Banking System version 2.0.0 Description: A Remote Code Execution RCE vulnerability exists due to improper file upload validation in the profile pic parameter within pages view client.php. Recommendations: Code Astro...
CVE-2025-29017
A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...
WordPress plugin Inline Image Upload for BBPress 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in...
IBM Security ReaQta Code Issue Vulnerability
IBM Security ReaQta is an AI autonomous detection and response platform from International Business Machines IBM. IBM Security ReaQta version 3.12 suffers from a code issue vulnerability that stems from the application's lack of effective validation of uploaded files. An attacker can exploit the...
Pytorch-Lightning Code Issue Vulnerability
Pytorch-Lightning is an open source lightweight PyTorch wrapper from Lightning AI open source in the US. Used for high performance Ai research. Pytorch-Lightning suffers from a code issue vulnerability that stems from the application's lack of effective validation of uploaded files. An attacker c...
CVE-2025-0526
In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...
PT-2025-4135 · Cockpit Hq · Cockpit
Name of the Vulnerable Software and Affected Versions: cockpit-hq/cockpit versions prior to 2.4.1 Description: The issue allows for Arbitrary File Upload, where an attacker can bypass the upload filter by using different extensions. Recommendations: For cockpit-hq/cockpit versions prior to 2.4.1,...
Code-Projects Online Car Rental System 安全漏洞
Code-Projects Online Car Rental System is an open source car rental system from Code-Projects. A security vulnerability exists in Code-Projects Online Car Rental System version 1.0, which stems from a file upload feature that does not validate file extensions or MIME types, allowing an attacker t...
CVE-2024-9422
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...