VvvebJs <= 2.0.5 - Cross-Site Scripting

Givanz Vvvebjs = 2.0.5 contains a stored XSS caused by manipulation of the "uploadAllowExtensions" argument in upload.php File Upload Endpoint, letting remote attackers execute scripts, exploit requires crafted input. id: CVE-2026-5615 info: name: VvvebJs = 2.0.5 - Cross-Site Scripting author:...

CVE-2018-25335

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

CVE-2018-25335 WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

PT-2026-41561

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

CVE-2026-5624

CVE-2026-5624 affects ProjectSend r2002; vulnerable component is unknown code in file upload.php, where a manipulation enables cross-site request forgery. Attacks can be initiated remotely and the exploit has been publicly released. Remediation is upgrading to version r2029; the patch is identifi...

PT-2026-30681

A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function move uploaded file of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the argument File results in unrestricted upload...

VvvebJs 代码注入漏洞

VvvebJs is a drag-and-drop website generator developed by Givan’s individual developer. VvvebJs versions 2.0.5 and earlier had a code injection vulnerability, which stemmed from improper handling of the uploadAllowExtensions parameter in the upload.php file. This vulnerability could lead to...

EUVD-2019-19760

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../publichtml/ to write executable code ...

CVE-2019-25480

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../publichtml/ to write executable code ...

ARMBot 安全漏洞

ARMBot is a software developed by ARMBot Inc. ARMBot has a security vulnerability, which stems from the unlimited file upload capability in the upload.php script. This vulnerability could allow unverified attackers to upload arbitrary files and execute remote code...

CVE-2026-3070

A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross site scripting. The attack may be launched remotely. The exploit is now public...

CVE-2026-3070

CVE-2026-3070 affects SourceCodester Modern Image Gallery App 1.0. The vulnerability is located in an unknown functionality of the file upload.php where manipulation of the filename argument leads to cross-site scripting (XSS) . The attack can be launched remotely and, per the description, the ex...

FLIR Systems AX8 Cameras Improper Access Control (CVE-2025-6266)

A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Performing manipulation of the argument File results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public...

CVE-2025-70457

Sourcecodester Modern Image Gallery App v1.0 is affected by an RCE in gallery/upload.php due to improper validation of uploaded files and retention of user-specified extensions, allowing an unauthenticated attacker to upload PHP code by masquerading the MIME type as an image, potentially fully co...

PT-2026-4533

Name of the Vulnerable Software and Affected Versions Sourcecodester Modern Image Gallery App version 1.0 Description A Remote Code Execution RCE issue exists in the gallery/upload.php component of the application. The application does not properly validate uploaded file contents and preserves...

CVE-2025-69992

phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication...

CVE-2025-69992

phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication...

CVE-2018-6846

Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zbsystem/function/lib/upload.php...

CVE-2024-2406

A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. This affects the function index of the file /app/admin/controller/Upload.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit ha...

CVE-2025-15109

A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit h...