
37 matches found

NVD
added 2026/05/01 1:16 a.m. | 0 views

CVE-2026-7519

A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...

CVSS 7.5 | EPSS 0.00061
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/01 12:45 a.m. | 0 views

CVE-2026-7519

A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...

CVSS 7.5 | AI score 5.1 | EPSS 0.00061
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2026/05/01 12:45 a.m. | 5 views

CVE-2026-7519

Technical details are not publicly available in the provided documents. Monitor for updates.

CVSS 7.5 | AI score 6.9 | EPSS 0.00061
Exploits: 0 | References: 4

CNNVD
added 2026/05/01 12:0 a.m. | 5 views

Apex LiveBOS path traversal vulnerability

Apex LiveBOS is a rapid development tool developed by the Chinese company Apex. Apex LiveBOS 2.0 and earlier versions have a path traversal vulnerability. This vulnerability stems from an unknown function in the file /feed/UploadImage.do of the Endpoint component, which allowed manipulation of the...

CVSS 7.5 | AI score 7 | EPSS 0.00061
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/01 12:0 a.m. | 2 views

PT-2026-36261

Name of the Vulnerable Software and Affected Versions Fujian Apex LiveBOS versions prior to 2.1 Description A path traversal issue exists in the Endpoint component. A remote attacker can manipulate the filename argument in the '/feed/UploadImage.do' endpoint to access or overwrite files outside t...

CVSS 7.5 | AI score 7.2 | EPSS 0.00061
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/02 12:0 a.m. | 1 views

PT-2026-29786

A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt uploadImage of the file rpc/TXP RPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...

CVSS 6.5 | AI score 6.1 | EPSS 0.00021
Exploits: 0 | References: 5

RedhatCVE
added 2026/03/26 3:15 p.m. | 4 views

CVE-2026-4186

A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...

CVSS 5.1 | AI score 4.1 | EPSS 0.00013
Exploits: 0 | References: 1

NVD
added 2026/03/16 2:19 p.m. | 1 views

CVE-2026-4186

A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...

CVSS 5.1 | EPSS 0.00013
Exploits: 0 | References: 4

CNNVD
added 2026/03/16 12:0 a.m. | 2 views

ueditor code injection vulnerability

Ueditor is an open-source editor developed by Ueditor. Versions of UEditor 1.4.3.2 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “callback” in the file php/controller.php?action=uploadimage, which may lead to cross-site scriptin...

CVSS 5.1 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 4

Cvelist
added 2026/01/29 2:28 p.m. | 27 views

CVE-2020-37009 MedDream PACS Server 6.8.3.751 - Remote Code Execution

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...

CVSS 8.8 | EPSS 0.00392
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/02 10:31 p.m. | 4 views

CVE-2025-15415

A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The...

CVSS 5.8 | AI score 6.5 | EPSS 0.00023
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-0257

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.04882
Exploits: 1 | References: 4

NVD
added 2025/08/25 4:15 a.m. | 1 views

CVE-2025-9406

A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be...

CVSS 9.8 | EPSS 0.00101
Exploits: 1 | References: 5

Cvelist
added 2025/08/25 3:32 a.m. | 6 views

CVE-2025-9406 xuhuisheng lemon CmsArticleController.java uploadImage unrestricted upload

A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be...

CVSS 6.5 | EPSS 0.00101
Exploits: 1 | References: 5

CNNVD
added 2025/08/25 12:0 a.m. | 3 views

lemon security vulnerability

lemon is an open-source OA system by individual developer Xu Huisheng. A security vulnerability exists in lemon 1.13.0 and earlier versions. It originates from improper handling of the Upload parameter in the uploadImage function in the file CmsArticleController.java, which may lead to unlimited...

CVSS 9.8 | AI score 6.3 | EPSS 0.00101
Exploits: 1 | References: 5

CNNVD
added 2025/07/31 12:0 a.m. | 1 views

Kaseya KServer security vulnerability

Kaseya KServer is the central server node of a management system from Kaseya Corporation, USA. A security vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. It stems from an unauthenticated and unsanitized uploadImage.asp endpoint that could lead to arbitrary file uploads and remot...

CVSS 9.3 | AI score 7.9 | EPSS 0.51411
Exploits: 0 | References: 5

Cvelist
added 2024/08/12 10:31 p.m. | 16 views

CVE-2024-7706 Fujian mwcms uploadfile.html uploadimage unrestricted upload

A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclose...

CVSS 5.8 | EPSS 0.00084
Exploits: 1 | References: 4

Vulnrichment
added 2024/06/18 12:31 a.m. | 15 views

CVE-2024-6084 itsourcecode Pool of Bethesda Online Reservation System uploadImage unrestricted upload

A vulnerability has been found in itsourcecode Pool of Bethesda Online Reservation System up to 1.0 and classified as critical. Affected by this vulnerability is the function uploadImage of the file /admin/modroom/controller.php?action=add. The manipulation of the argument image leads to...

CVSS 7.5 | AI score 7.2 | EPSS 0.00141
Exploits: 1 | References: 4

Cvelist
added 2024/06/18 12:31 a.m. | 20 views

CVE-2024-6084 itsourcecode Pool of Bethesda Online Reservation System uploadImage unrestricted upload

A vulnerability has been found in itsourcecode Pool of Bethesda Online Reservation System up to 1.0 and classified as critical. Affected by this vulnerability is the function uploadImage of the file /admin/modroom/controller.php?action=add. The manipulation of the argument image leads to...

CVSS 7.5 | EPSS 0.00141
Exploits: 1 | References: 4

NVD
added 2024/01/30 9:15 a.m. | 8 views

CVE-2024-22523

Directory Traversal vulnerability in Qiyu iFair version 23.8ad0 and before, allows remote attackers to obtain sensitive information via uploadimage component...

CVSS 7.5 | AI score 7.3 | EPSS 0.00145
Exploits: 1 | References: 1