279 matches found
CVE-2024-29399
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component...
CVE-2024-52677
HkCms = v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php...
CVE-2023-1970
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may...
CVE-2022-30508
DedeCMS v5.7.93 was discovered to contain an arbitrary file deletion vulnerability in upload.php via the delete parameter...
CVE-2021-20103
Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php...
CVE-2021-20104
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php...
CVE-2021-26794
Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file...
CVE-2020-21356
An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads...
CVE-2017-14346
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file...
SOPlanning security vulnerability
SOPlanning is a suite of online project management software from SOPlanning, Inc. A security vulnerability exists in SOPlanning version 1.53.00, which originates from /process/upload.php directory traversal and could result in the deletion of arbitrary files...
PT-2025-7628 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.14 Description: A SQL Injection vulnerability was discovered in the WeGIA application, specifically in the "personalizacao upload.php" endpoint. This vulnerability allows an authorized attacker to execute arbitrary...
CVE-2024-54136
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to...
CVE-2024-54136
Summary: ClipBucket-v5 (versions up to 5.5.1 Revision 199) is affected by a PHP deserialization vulnerability in upload/upload.php where user input via the collection parameter is passed to unserialize, enabling crafted PHP serialized objects and gadget chains. Impact (as stated): allows arbitrar...
HkCms code issue vulnerability
HkCms is a free open-source content management system of Guangzhou Hengqi Education Technology Co. Ltd. HkCms file upload vulnerability, the vulnerability stems from a file upload vulnerability in the getFileName method in /app/common/library/Upload.php. The vulnerability can be exploited by an...
CVE-2024-9975 SourceCodester Drag and Drop Image Upload upload.php unrestricted upload
A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclos...
YPay security vulnerability
YPay is an aggregated signature-free payment system for individual webmasters by kacins personal developer. A security vulnerability exists in YPay version 1.2.0, which stems from an arbitrary file upload vulnerability that allows an attacker to execute arbitrary code via a ZIP archive in...
PT-2024-31989 · Ypay · Ypay
Name of the Vulnerable Software and Affected Versions: YPay version 1.2.0 Description: An arbitrary file upload vulnerability allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php, which is called from app/admin/controller/ypay/Home.php. The fi...
PT-2024-38360 · Unknown · Itsourcecode Placement Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Placement Management System version 1.0 Description: A critical issue has been found in the itsourcecode Placement Management System, affecting an unknown functionality of the file /resume upload.php of the component Image Handle...