Lucene search
K

2192 matches found

Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.8 views

PT-2024-34303

Name of the Vulnerable Software and Affected Versions: Multi Purpose Mail Form versions n/a through 1.0.2 Description: The issue allows users to upload dangerous files, potentially leading to a web server compromise by uploading a web shell. This can happen due to an unrestricted upload of file...

10CVSS5.2AI score0.00611EPSS
Exploits2References11
CVE
CVE
added 2024/10/31 10:1 a.m.56 views

CVE-2024-49674

CVE-2024-49674 : WordPress EKC Tournament Manager plugin (versions ≤ 2.2.1) has a Cross-Site Request Forgery (CSRF) vulnerability that allows uploading a web shell to the web server. Exploitation would enable an attacker to place arbitrary files on the server via CSRF, potentially leading to unau...

9.6CVSS5.9AI score0.0022EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/31 10:1 a.m.29 views

CVE-2024-49674 WordPress EKC Tournament Manager plugin <= 2.2.1 - CSRF to Arbitrary File Upload vulnerability

Cross-Site Request Forgery CSRF vulnerability in lukashuser EKC Tournament Manager ekc-tournament-manager allows Upload a Web Shell to a Web Server.This issue affects EKC Tournament Manager: from n/a through = 2.2.1...

9.6CVSS5.9AI score0.0022EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/31 12:0 a.m.4 views

WordPress plugin EKC Tournament Manager 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

9.6CVSS6.5AI score0.0022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/31 12:0 a.m.4 views

PT-2024-33626 · Unknown · Ekc Tournament Manager

Name of the Vulnerable Software and Affected Versions: EKC Tournament Manager versions n/a through 2.2.1 Description: A Cross-Site Request Forgery CSRF issue allows attackers to upload a web shell to a web server. This can be exploited by attackers to gain unauthorized access to the server...

9.6CVSS7AI score0.0022EPSS
Exploits0References6
NVD
NVD
added 2024/10/30 8:15 a.m.12 views

CVE-2024-50511

Unrestricted Upload of File with Dangerous Type vulnerability in donimedia WP donimedia carousel wp-donimedia-carousel allows Upload a Web Shell to a Web Server.This issue affects WP donimedia carousel: from n/a through = 1.0.1...

9.9CVSS0.00507EPSS
Exploits0References1
NVD
NVD
added 2024/10/30 8:15 a.m.15 views

CVE-2024-50510

Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For Woocommerce ar-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects AR For Woocommerce: from n/a through = 6.3...

10CVSS0.00991EPSS
Exploits0References1
CVE
CVE
added 2024/10/30 7:54 a.m.58 views

CVE-2024-50510

CVE-2024-50510 affects the WordPress AR For Woocommerce plugin with affected versions n/a through 6.2. The issue is an unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to the web server. The CVSS vector indicates a critical, unauthenticated, network-ex...

10CVSS5.9AI score0.00991EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/30 7:54 a.m.11 views

CVE-2024-50510 WordPress AR For Woocommerce plugin <= 6.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For Woocommerce ar-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects AR For Woocommerce: from n/a through = 6.3...

10CVSS5.9AI score0.00991EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/30 7:54 a.m.231 views

CVE-2024-50510 WordPress AR For Woocommerce plugin <= 6.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For Woocommerce ar-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects AR For Woocommerce: from n/a through = 6.3...

10CVSS0.00991EPSS
Exploits0References1
CVE
CVE
added 2024/10/30 7:47 a.m.51 views

CVE-2024-50511

CVE-2024-50511 affects WordPress WP donimedia carousel plugin versions 1.0.1 and earlier. The vulnerability is an unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to the target server. This corresponds to an Arbitrary File Upload flaw in the plugin, wi...

9.9CVSS5.9AI score0.00507EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/30 7:47 a.m.12 views

CVE-2024-50511 WordPress WP donimedia carousel plugin <= 1.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in donimedia WP donimedia carousel wp-donimedia-carousel allows Upload a Web Shell to a Web Server.This issue affects WP donimedia carousel: from n/a through = 1.0.1...

9.9CVSS5.9AI score0.00507EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.6 views

PT-2024-34286 · WordPress · Ean For Woocommerce

Name of the Vulnerable Software and Affected Versions: AR For Woocommerce versions n/a through 6.2 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. Recommendations: For versions n/a through 6.2,...

10CVSS7.3AI score0.00991EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.6 views

PT-2024-34287 · WordPress · Wp Donimedia Carousel

Name of the Vulnerable Software and Affected Versions: WP donimedia carousel versions 1.0.1 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, potentially enabling an attacker to upload a web shell to a web server. Recommendations: For WP donimedi...

9.9CVSS7AI score0.00507EPSS
Exploits0References4
NVD
NVD
added 2024/10/29 9:15 a.m.14 views

CVE-2024-50420

Unrestricted Upload of File with Dangerous Type vulnerability in aDirectory aDirectory adirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through = 1.3...

10CVSS0.00501EPSS
Exploits0References1
CVE
CVE
added 2024/10/29 8:32 a.m.44 views

CVE-2024-50420

CVE-2024-50420 (WordPress aDirectory plugin

10CVSS5.9AI score0.00501EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/29 8:30 a.m.20 views

CVE-2024-50473 WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through = 3.1.3...

10CVSS5.9AI score0.01033EPSS
Exploits1References1
CVE
CVE
added 2024/10/29 8:30 a.m.65 views

CVE-2024-50473

CVE-2024-50473 : Ajar in5 Embed for WordPress is vulnerable to unauthenticated arbitrary file upload up to version 3.1.3 due to missing file-type validation. This unrestricted upload allows placing files (e.g., web shells) on the server (upload path shown in PoC: /wp-content/uploads/2024/php5/). ...

10CVSS5.9AI score0.01033EPSS
Exploits1References1
NVD
NVD
added 2024/10/29 8:15 a.m.33 views

CVE-2024-50484

Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through = 1.0.2...

10CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2024/10/29 8:15 a.m.10 views

CVE-2024-50494

Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce wc-sudan-payment-gateway allows Upload a Web Shell to a Web Server.This issue affects Sudan Payment Gateway for WooCommerce: from n/a through = 1.2.2...

10CVSS0.00496EPSS
Exploits0References1
Rows per page
Query Builder