2172 matches found

Positive Technologies
added 2024/12/06 12:0 a.m. · 4 views

PT-2024-35926 · Unknown · Wdesignkit

Name of the Vulnerable Software and Affected Versions: WDesignkit versions 1.0.0 through 1.0.40
Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized access to the...

CVSS 6.6 · AI score 7.6 · EPSS 0.0025
Exploits: 0 · References: 3

GithubExploit
added 2024/12/05 12:45 p.m. · 304 views

Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms

CVE-2023-4220-exploit Unrestricted file upload in...

CVSS 8.1 · AI score 7 · EPSS 0.92488
Exploits: 27

VulnCheck KEV
added 2024/12/05 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2023-4220

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS = v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell...

CVSS 8.1 · AI score 6.3 · EPSS 0.92488
Exploits: 27 · References: 1

NVD
added 2024/12/02 2:15 p.m. · 5 views

CVE-2024-52476

Unrestricted Upload of File with Dangerous Type vulnerability in Stefan Bohacek Fediverse Embeds fediverse-embeds allows Upload a Web Shell to a Web Server. This issue affects Fediverse Embeds: from n/a through <= 1.5.3...

CVSS 10 · EPSS 0.00489
Exploits: 0 · References: 1

CVE
added 2024/12/02 1:48 p.m. · 46 views

CVE-2024-52476

CVE-2024-52476 describes an Unrestricted Upload of File with Dangerous Type in the WordPress plugin Fediverse Embeds (versions

CVSS 10 · AI score 7.2 · EPSS 0.00489
Exploits: 0 · References: 1

Cvelist
added 2024/12/02 1:48 p.m. · 18 views

CVE-2024-52476 WordPress Fediverse Embeds plugin <= 1.5.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Stefan Bohacek Fediverse Embeds fediverse-embeds allows Upload a Web Shell to a Web Server. This issue affects Fediverse Embeds: from n/a through <= 1.5.3...

CVSS 10 · EPSS 0.00489
Exploits: 0 · References: 1

Vulnrichment
added 2024/11/28 10:42 a.m. · 9 views

CVE-2024-52490 WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server. This issue affects Pathomation: from n/a through <= 2.5.1...

CVSS 10 · AI score 7.4 · EPSS 0.00578
Exploits: 0 · References: 1

CVE
added 2024/11/28 10:42 a.m. · 54 views

CVE-2024-52490

CVE-2024-52490 affects the WordPress Pathomation plugin (versions

CVSS 10 · AI score 7.4 · EPSS 0.00578
In wild · Exploits: 0 · References: 1

Positive Technologies
added 2024/11/28 12:0 a.m. · 2 views

PT-2024-35331 · Unknown · Pathomation

Name of the Vulnerable Software and Affected Versions: Pathomation versions n/a through 2.5.1
Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited by uploading harmful files...

CVSS 10 · AI score 9.6 · EPSS 0.00578
Exploits: 0 · References: 6

NVD
added 2024/11/19 5:15 p.m. · 9 views

CVE-2024-52401

Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog DownloadManager hacklog-downloadmanager allows Upload a Web Shell to a Web Server. This issue affects Hacklog DownloadManager: from n/a through <= 2.1.4...

CVSS 9.6 · EPSS 0.00275
Exploits: 0 · References: 1

NVD
added 2024/11/19 5:15 p.m. · 10 views

CVE-2024-52402

Cross-Site Request Forgery (CSRF) vulnerability in gunghoinc Exclusive Content Password Protect exclusive-content-password-protect allows Upload a Web Shell to a Web Server. This issue affects Exclusive Content Password Protect: from n/a through <= 1.1.0...

CVSS 9.6 · EPSS 0.18103
Exploits: 1 · References: 1

Vulnrichment
added 2024/11/19 4:32 p.m. · 11 views

CVE-2024-52401 WordPress Hacklog DownloadManager plugin <=2.1.4 - CSRF to Arbitrary File Upload vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in 荒野无灯 Hacklog DownloadManager allows Upload a Web Shell to a Web Server. This issue affects Hacklog DownloadManager: from n/a through 2.1.4...

CVSS 9.6 · AI score 9.2 · EPSS 0.00275
Exploits: 0 · References: 1

Vulnrichment
added 2024/11/19 4:32 p.m. · 16 views

CVE-2024-52402 WordPress Exclusive Content Password Protect plugin <= 1.1.0 - CSRF to Arbitrary File Upload vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect allows Upload a Web Shell to a Web Server. This issue affects Exclusive Content Password Protect: from n/a through 1.1.0...

CVSS 9.6 · AI score 9.2 · EPSS 0.18103
Exploits: 1 · References: 1

CVE
added 2024/11/19 4:32 p.m. · 42 views

CVE-2024-52401

CVE-2024-52401 affects Hacklog DownloadManager plugin (WordPress). A CSRF to Arbitrary File Upload vulnerability exists in versions 2.1.4 and earlier. The CVE entry notes a high-impact flaw (CVSS v3.1: 9.6, network vector, no privileges, user interaction required, changed scope, complete confiden...

CVSS 9.6 · AI score 7.2 · EPSS 0.00275
Exploits: 0 · References: 1

Cvelist
added 2024/11/19 4:32 p.m. · 20 views

CVE-2024-52401 WordPress Hacklog DownloadManager plugin <=2.1.4 - CSRF to Arbitrary File Upload vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog DownloadManager hacklog-downloadmanager allows Upload a Web Shell to a Web Server. This issue affects Hacklog DownloadManager: from n/a through <= 2.1.4...

CVSS 9.6 · EPSS 0.00275
Exploits: 0 · References: 1

CVE
added 2024/11/19 4:32 p.m. · 53 views

CVE-2024-52402

CVE-2024-52402 concerns a CSRF to Arbitrary File Upload vulnerability in WordPress plugin Exclusive Content Password Protect (versions

CVSS 9.6 · AI score 7.2 · EPSS 0.18103
Exploits: 1 · References: 1

Positive Technologies
added 2024/11/19 12:0 a.m. · 2 views

PT-2024-35240 · Hacklog · Hacklog Downloadmanager

Name of the Vulnerable Software and Affected Versions: Hacklog DownloadManager versions 2.1.4 and earlier
Description: A Cross-Site Request Forgery (CSRF) issue in Hacklog DownloadManager allows attackers to upload a web shell to a web server. This can be exploited by attackers to gain unauthorized...

CVSS 9.6 · AI score 9.8 · EPSS 0.00275
Exploits: 0 · References: 5

OSV
added 2024/11/18 3:15 p.m. · 2 views

CVE-2024-52429

Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server. This issue affects WP Quick Setup: from n/a through 2.0...

CVSS 8.8 · AI score 7.3
Exploits: 0 · References: 1

Cvelist
added 2024/11/18 2:19 p.m. · 278 views

CVE-2024-52429 WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup allows Upload a Web Shell to a Web Server. This issue affects WP Quick Setup: from n/a through <= 2.0...

CVSS 9.9 · EPSS 0.41142
Exploits: 0 · References: 1

Vulnrichment
added 2024/11/18 2:19 p.m. · 15 views

CVE-2024-52429 WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup allows Upload a Web Shell to a Web Server. This issue affects WP Quick Setup: from n/a through <= 2.0...

CVSS 9.9 · AI score 7.2 · EPSS 0.41142
Exploits: 0 · References: 1