279 matches found

CVE
added 2022/05/26 5:30 p.m., 59 views

CVE-2022-30508

CVE-2022-30508 affects DedeCMS v5.7.93, with an arbitrary file deletion vulnerability in upload.php exploitable via the delete parameter. The Red Hat/NVD/PRION/CVE records all reiterate the same description; exploitation details and a confirmed fix are not provided in the connected documents. PT-...

6.5 CVSS, 6.5 AI score, 0.00875 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2022/05/26 5:30 p.m., 16 views

CVE-2022-30508

DedeCMS v5.7.93 was discovered to contain an arbitrary file deletion vulnerability in upload.php via the delete parameter...

6.8 AI score, 0.00875 EPSS
Exploits: 1, References: 1

Github Security Blog
added 2022/05/24 4:51 p.m., 26 views

SunHater KCFinder cross-site scripting (XSS) vulnerability in upload.php

A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...

6.1 CVSS, 5.8 AI score, 0.00189 EPSS
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2022/05/24 4:51 p.m., 15 views

GHSA-VWH5-78JC-HPJX SunHater KCFinder cross-site scripting (XSS) vulnerability in upload.php

A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...

6.1 CVSS, 5.9 AI score, 0.00189 EPSS
Exploits: 1, References: 4

wpexploit
added 2022/03/25 12:0 a.m., 113 views

Safe SVG < 1.9.10 - SVG Sanitisation Bypass

The sanitisation step of the plugin can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent, mainly XSS, but depending on further use of uploaded SVG...

6.1 CVSS, 0.2 AI score, 0.00468 EPSS
Exploits: 2, References: 1

OSV
added 2021/12/03 10:15 p.m., 11 views

CVE-2021-35414

Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php...

9.8 CVSS, 8.2 AI score
Exploits: 0, References: 7

Prion
added 2021/12/03 10:15 p.m., 11 views

SQL injection

Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php...

7.5 CVSS, 9.7 AI score, 0.01343 EPSS
Exploits: 1, References: 7, Affected Software: 1

CVE
added 2021/11/08 8:46 p.m., 36 views

CVE-2020-23572

CVE-2020-23572 concerns BEESCMS v4.0, where an arbitrary file upload vulnerability in the /admin/upload.php component enables attackers to execute arbitrary code via a crafted image file. Multiple sources (NVD, Red Hat, CNVD, CVE listings) confirm the issue and its impact; CVSSv3.1 base score is ...

8.8 CVSS, 8.9 AI score, 0.00591 EPSS
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2021/09/23 5:15 p.m., 17 views

CVE-2021-26794

Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows an attacker to execute arbitrary code via a crafted PHP file...

9.8 CVSS, 0.00853 EPSS
Exploits: 1, References: 1

OSV
added 2021/09/23 5:15 p.m., 0 views

CVE-2021-26794

Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows an attacker to execute arbitrary code via a crafted PHP file...

9.8 CVSS, 7.6 AI score, 0.00853 EPSS
Exploits: 1, References: 1

Cvelist
added 2021/09/23 3:15 p.m., 11 views

CVE-2021-26794

Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows an attacker to execute arbitrary code via a crafted PHP file...

9.9 AI score, 0.00853 EPSS
Exploits: 1, References: 1

CVE
added 2021/09/23 3:15 p.m., 40 views

CVE-2021-26794

CVE-2021-26794 affects FrogCMS SentCMS v0.9.5, allowing remote code execution via a crafted PHP file uploaded through upload.php. Multiple connected sources (RH Red Hat, CVE lists, CP advisories, CNVD/CNNVD equivalents, and CVE records) describe it as a privilege escalation leading to arbitrary c...

9.8 CVSS, 9.8 AI score, 0.00853 EPSS
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2021/08/06 11:15 p.m., 8 views

CVE-2020-21356

An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file"' is deleted during file uploads...

5.3 CVSS, 0.00194 EPSS
Exploits: 1, References: 1

Prion
added 2021/08/06 11:15 p.m., 17 views

Information disclosure

An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file"' is deleted during file uploads...

5 CVSS, 4.9 AI score, 0.00194 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2021/08/06 10:36 p.m., 15 views

CVE-2020-21356

An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file"' is deleted during file uploads...

4.9 AI score, 0.00194 EPSS
Exploits: 1, References: 1

NVD
added 2021/06/29 4:15 p.m., 8 views

CVE-2021-20104

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php...

8.1 CVSS, 0.01291 EPSS
Exploits: 0, References: 1

CNVD
added 2021/06/24 12:0 a.m., 7 views

GetSimple CMS Remote Code Execution Vulnerability (CNVD-2021-45301)

GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A remote code execution vulnerability exists in admin/upload.php in GetSimple CMS versions prior to 3.3.16. An attacker can exploit this vulnerability to achieve remote code execution via phar files...

7.2 CVSS, 7.5 AI score, 0.06968 EPSS
Exploits: 3, References: 1

CNVD
added 2021/06/24 12:0 a.m., 5 views

GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2021-45142)

GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A cross-site scripting vulnerability exists in admin/upload.php in GetSimple CMS version 3.3.16. The vulnerability can be exploited to conduct cross-site scripting attacks by adding comments to the...

4.8 CVSS, 6.1 AI score, 0.00235 EPSS
Exploits: 0, References: 1

NVD
added 2021/06/23 1:15 p.m., 9 views

CVE-2021-28976

Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files...

7.2 CVSS, 0.06968 EPSS
Exploits: 3, References: 1

OSV
added 2021/06/23 1:15 p.m., 11 views

CVE-2021-28977

Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,...

4.8 CVSS, 6.3 AI score
Exploits: 0, References: 1