279 matches found
CVE-2019-16640
An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /var/./html are not checked), which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EGRGOS 11.9 B11P1...
CVE-2024-36531
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component...
CVE-2024-36528
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php...
CVE-2024-31012
An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file...
CVE-2024-31012
The CVE-2024-31012 entry concerns SEMCMS v4.8, where an issue in upload.php enables remote attackers to execute arbitrary code, escalate privileges, and exfiltrate sensitive information. Affected component is the upload.php handling; root cause themes indicate insecure file handling/execution pat...
LeptonCMS security vulnerability
LeptonCMS is a content management system (CMS) from the Lepton Project. A security vulnerability exists in LeptonCMS version v.7.0.0 that originates from allowing a local attacker to execute arbitrary code via the upload.php file...
CVE-2024-2406
A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. This affects the function index of the file /app/admin/controller/Upload.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit ha...
PT-2024-20258 · Unknown · Gacjie Server
Name of the Vulnerable Software and Affected Versions: Gacjie Server versions up to 1.0. Description: A critical issue was found in Gacjie Server, affecting the function index of the file /app/admin/controller/Upload.php. The manipulation of the file argument leads to unrestricted upload. It is...
CVE-2024-1116 openBI Upload.php index unrestricted upload
A vulnerability was found in openBI up to 1.0.8. It has been classified as critical. Affected is the function index of the file /application/plugins/controller/Upload.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed t...
PT-2024-16793 · Openbi · Openbi
Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8. Description: A critical issue has been found, affecting the function index of the file /application/plugins/controller/Upload.php. This leads to unrestricted upload and can be exploited remotely. The issue has been...
CVE-2024-0933 Niushop B2B2C Upload.php unrestricted upload
A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and ma...
PT-2024-15774 · Monitorr · Monitorr
Name of the Vulnerable Software and Affected Versions: Monitorr version 1.7.6m. Description: A critical vulnerability was found in Monitorr, affecting an unknown functionality of the file /assets/php/upload.php in the Services Configuration component. The manipulation of the fileToUpload argument...
Server side request forgery (ssrf)
Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to...
CVE-2023-46730
CVE-2023-46730 (Group-Office) : A full Server-Side Request Forgery (SSRF) vulnerability exists in the /api/upload.php endpoint of Group-Office. The endpoint does not filter URLs, allowing an attacker to cause the server to fetch resources from untrusted domains, with possible access to local disk...
CVE-2023-46730 Server-Side Request Forgery in groupoffice
Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to...