2169 matches found
CVE-2025-49060 WordPress Wastia theme < 1.1.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia allows Upload a Web Shell to a Web Server.This issue affects Wastia: from n/a through 1.1.3...
CVE-2025-49060
CVE-2025-49060 affects CMSSuperHeroes Wastia (WordPress plugin/theme) with unrestricted upload of dangerous file types, enabling potential web shell uploads. Affected: Wastia versions prior to 1.1.3. Root cause: flaw in handling uploaded file types leading to arbitrary file upload. Impact per sou...
Wordpress Plugin Wastia Theme 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...
PT-2025-43164
Name of the Vulnerable Software and Affected Versions CMSSuperHeroes Wastia versions prior to 1.1.3 Description A flaw exists in CMSSuperHeroes Wastia that permits the unrestricted upload of files with dangerous types. This allows for the upload of a Web Shell to a Web Server. Recommendations...
PT-2025-43278
Name of the Vulnerable Software and Affected Versions 7oroof Medcity versions prior to 1.1.9 Description The software contains a flaw that permits the upload of files with dangerous types. This allows for the upload of a web shell to a web server. Recommendations Update to version 1.1.9 or later...
CVE-2025-11948
Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-11948
Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-11948 Excellent Infotek|Document Management System - Arbitrary File Upload
Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-11948 Excellent Infotek|Document Management System - Arbitrary File Upload
Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-11948
CVE-2025-11948 affects the Document Management System by Excellent Infotek. Descriptions across Red Hat, NVD, CIRCL and CVE lists report an Arbitrary File Upload vulnerability that enables unauthenticated remote attackers to upload and execute a web shell, leading to arbitrary code execution on t...
PT-2025-42747
Name of the Vulnerable Software and Affected Versions Excellent Infotek Document Management System affected versions not specified Description The Document Management System developed by Excellent Infotek is subject to an Arbitrary File Upload issue. This allows unauthenticated remote attackers t...
CVE-2025-11675
Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
EUVD-2025-34044
Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-11675 Ragic|Enterprise Cloud Database - Arbitrary File Upload
Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-35055
Newforma Info Exchange NIX '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete...
EUVD-2025-33572
Newforma Info Exchange NIX '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete...
CVE-2025-35055
Newforma Info Exchange NIX '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete...
CVE-2025-35055
Newforma Info Exchange (NIX) contains a file-upload vulnerability in /UserWeb/Common/UploadBlueimp.ashx that allows an authenticated attacker to upload arbitrary files to writable locations, enabling web-shell execution or directory deletion. Related CNVD and Red Hat entries describe a broader ri...
CVE-2025-35055 Newforma Info Exchange (NIX) insecure file upload
Newforma Info Exchange NIX '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete...
PT-2025-41471
Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX versions prior to 2023.1 Description Newforma Info Exchange NIX contains a flaw in the /UserWeb/Common/UploadBlueimp.ashx API endpoint that allows an authenticated attacker to upload arbitrary files to any location...