
24 matches found

NVD
added 2026/02/21 12:16 a.m. · 13 views

CVE-2026-27146

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...

7.1 CVSS · 0.00174 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2026/02/20 11:10 p.m. · 4 views

CVE-2026-27146

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...

7.1 CVSS · 5.9 AI score · 0.00174 EPSS
Exploits 1 · References 2 · Affected Software 1
RedhatCVE
added 2025/09/11 1:22 a.m. · 6 views

CVE-2025-10116

A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/fileupload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used...

7.5 CVSS · 7.3 AI score · 0.00421 EPSS
Exploits 0 · References 1
NVD
added 2025/09/09 2:15 a.m. · 3 views

CVE-2025-10116

A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/fileupload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used...

7.5 CVSS · 0.00421 EPSS
Exploits 0 · References 4
Vulnrichment
added 2025/09/09 1:2 a.m. · 2 views

CVE-2025-10116 SiempreCMS file_upload.php unrestricted upload

A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/fileupload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used...

7.5 CVSS · 6.8 AI score · 0.00421 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/08/22 2:31 p.m. · 5 views

CVE-2025-54926

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed...

7.2 CVSS · 7.9 AI score · 0.00847 EPSS
Exploits 0 · References 1
CVE
added 2025/08/20 1:48 p.m. · 14 views

CVE-2025-54926

CVE-2025-54926 affects Schneider Electric EcoStruxure Power Monitoring Expert (and Power Operation) with a directory traversal vulnerability that may enable remote code execution. The issue stems from improper validation in path handling (GetTgmlContent) and requires authenticated admin privilege...

7.2 CVSS · 7.8 AI score · 0.00847 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/08/13 2:28 p.m. · 4 views

CVE-2025-8852

A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit ha...

5.3 CVSS · 6.9 AI score · 0.00322 EPSS
Exploits 1 · References 1
OSV
added 2025/08/11 2:15 p.m. · 1 views

CVE-2025-8852

A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit ha...

5.3 CVSS · 5.3 AI score · 0.00322 EPSS
Exploits 1 · References 5
Cvelist
added 2025/08/11 2:2 p.m. · 12 views

CVE-2025-8852 WuKongOpenSource WukongCRM API Response upload information exposure

A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit ha...

5.3 CVSS · 0.00322 EPSS
Exploits 1 · References 5
CVE
added 2025/08/11 2:2 p.m. · 20 views

CVE-2025-8852

WuKongOpenSource WukongCRM 11.0 is affected by CVE-2025-8852 in the API Response Handler’s /adminFile/upload area. The vulnerability enables information exposure via error messages and supports remote initiation. Publicly disclosed exploit information exists (POC), with multiple sources confirmin...

5.3 CVSS · 6.8 AI score · 0.00322 EPSS
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2025/08/11 12:0 a.m. · 7 views

PT-2025-32547 · Wukongopensource · Wukongcrm

Name of the Vulnerable Software and Affected Versions: WuKongOpenSource WukongCRM version 11.0 Description: A vulnerability exists in WuKongOpenSource WukongCRM 11.0, specifically within an unknown part of the /adminFile/upload file of the API Response Handler component. This allows for informati...

5.3 CVSS · 6.9 AI score · 0.00322 EPSS
Exploits 1 · References 9
OSV
added 2024/08/18 7:15 p.m. · 9 views

CVE-2024-7910

A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The...

7.2 CVSS · 5.4 AI score · 0.00638 EPSS
Exploits 1 · References 4
Patchstack
added 2024/07/30 6:37 a.m. · 4 views

WordPress Business Card plugin <= 1.0.0 - Admin+ File Upload vulnerability

Admin+ File Upload vulnerability discovered by Anjo Rev Tingson in WordPress Plugin Business Card versions <= 1.0.0...

7.2 CVSS · 7 AI score · 0.00645 EPSS
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2024/07/30 6:0 a.m. · 18 views

CVE-2024-5807 Business Card <= 1.0.0 - Admin+ File Upload

The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations...

7.3 AI score · 0.00645 EPSS
Exploits 1 · References 1
Patchstack
added 2024/04/15 11:47 a.m. · 5 views

WordPress Everest Backup plugin < 2.2.5 - Admin+ Arbitrary File Upload vulnerability

Admin+ Arbitrary File Upload vulnerability discovered by Emad in WordPress Plugin Everest Backup versions < 2.2.5...

6.5 CVSS · 8.6 AI score · 0.00649 EPSS
Exploits 2 · References 1 · Affected Software 1
OSV
added 2022/11/28 3:15 p.m. · 2 views

CVE-2022-44401

Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php...

9.8 CVSS · 5.9 AI score · 0.00851 EPSS
Exploits 1 · References 1
CNNVD
added 2022/11/28 12:0 a.m. · 2 views

Online Tours & Travels Management System code issue vulnerability

Online Tours & Travels Management System is an online tour management system by individual developer Mayuri K. A code issue vulnerability exists in Online Tours & Travels Management System v1.0, which was discovered to contain a file upload vulnerability via /tour/admin/file.php...

9.8 CVSS · 8.4 AI score · 0.00851 EPSS
Exploits 1 · References 2
OSV
added 2022/10/12 12:15 a.m. · 3 views

CVE-2022-41406

An arbitrary file upload vulnerability in the /admin/adminpic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

7.2 CVSS · 6.1 AI score
Exploits 0 · References 1
Github Security Blog
added 2022/05/24 7:12 p.m. · 6 views

Magento affected by remote code execution via a file upload

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution...

9.1 CVSS · 8.1 AI score · 0.0233 EPSS
Exploits 0 · References 3 · Affected Software 2