CVE-2024-54775

Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting XSS vulnerability via /admin/auth/menu and /admin/auth/extensions...

Dcat Admin 安全漏洞

Dcat Admin is a backend system builder based on the secondary development of laravel-admin by Jiang Qinghua. A security vulnerability exists in Dcat Admin v2.2.0-beta and v2.2.2-beta, which was discovered to contain a cross-site scripting vulnerability via /admin/auth/menu and...

nukeviet Deserialization of Untrusted Data vulnerability

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php...

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component...

CVE-2024-36528

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php...

Vinades NukeViet Security Breach

Vinades NukeViet is an open source content management system CMS from Vinades Vietnam. A security vulnerability exists in Vinades NukeViet v.4.5 and earlier versions, nukeviet-egov v.1.2.02 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code via the...

Vinades NukeViet Security Breach

Vinades NukeViet is an open source content management system CMS from Vinades Vietnam. A security vulnerability exists in Vinades NukeViet v.4.5 and earlier versions, nukeviet-egov v.1.2.02 and earlier versions, which stems from the presence of a deserialization vulnerability. An attacker can...

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component...

CVE-2021-34627

A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators. This issue affects versions 2.2.3 and prior...

CVE-2021-34626

A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior...

PT-2021-20594 · WordPress · Wp Upload Restriction

Name of the Vulnerable Software and Affected Versions: WP Upload Restriction WordPress plugin versions 2.2.3 and prior Description: A vulnerability in the getSelectedMimeTypesByRole function allows low-level authenticated users to view custom extensions added by administrators. Recommendations: F...