Lucene search
K

107 matches found

Vulnrichment
Vulnrichment
added 2024/09/13 6:0 a.m.13 views

CVE-2024-7863 Favicon Generator < 2.1 - Arbitrary File Upload via CSRF

The Favicon Generator CLOSED WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server...

7.3AI score0.00275EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.5 views

ELECOM WRC-2533GS2V-B、WRC-2533GS2-B和WRC-2533GS2-W 安全漏洞

ELECOM WRC-2533GS2V-B and others are a wireless router from ELECOM Japan. A security vulnerability exists in v1.68 and earlier versions of the ELECOM WRC-2533GS2V-B, WRC-2533GS2-B, and WRC-2533GS2-W. The vulnerability stems from the possibility that a logged-in user with administrative privileges...

6.8CVSS6.8AI score0.00364EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/07/15 2:46 a.m.4 views

WordPress WP eMember plugin < 10.6.6 - Admin+ Arbitrary File Upload vulnerability

Admin+ Arbitrary File Upload vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.6...

8.8CVSS7AI score0.00661EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.3 views

Aimeos Security Breach

Aimeos is an open source e-commerce framework for online stores from Aimeos Open Source. A security vulnerability exists in versions of Aimeos prior to 2024.04.5, which originates from a user with administrative privileges being able to upload files that look like images but contain PHP code that...

7.2CVSS7AI score0.00607EPSS
Exploits0References3
OSV
OSV
added 2024/04/13 2:0 p.m.6 views

CVE-2024-3736 cym1102 nginxWebUI upload unrestricted upload

A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

4.3CVSS4.9AI score0.00918EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/04/13 12:0 a.m.5 views

PT-2024-27516 · Unknown · Cym1102 Nginxwebui

Name of the Vulnerable Software and Affected Versions: cym1102 nginxWebUI versions up to 3.9.9 Description: A critical vulnerability was found in the cym1102 nginxWebUI, affecting unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection...

9.8CVSS7.1AI score0.02891EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2023/12/17 12:0 a.m.5 views

PT-2023-32798 · Saysky · Sayski Forestblog

Name of the Vulnerable Software and Affected Versions: saysky ForestBlog up to 20220630 Description: A critical issue has been found in the Image Upload Handler component, affecting the /admin/upload/img file. The manipulation of the filename argument leads to unrestricted upload. This issue can ...

9.8CVSS6.4AI score0.00908EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/12/16 12:0 a.m.4 views

ForestBlog 代码问题漏洞

ForestBlog is an application, a personal blog. An arbitrary file upload vulnerability exists in ForestBlog 20220630 and earlier versions, which stems from a lack of valid validation of the uploaded file by the parameter filename in the file /admin/upload/img. An attacker can exploit this...

9.8CVSS7.4AI score0.00908EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/12/04 12:0 a.m.10 views

PT-2023-31020 · Unknown · Thinkadmin

Name of the Vulnerable Software and Affected Versions: ThinkAdmin version 6.1.53 Description: An arbitrary file upload issue in the /admin/api.upload/file component allows attackers to execute arbitrary code via a crafted Zip file. Recommendations: For ThinkAdmin version 6.1.53, consider disablin...

8.8CVSS8.8AI score0.01091EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.4 views

Schneider Electric StruxureWare Data Center Expert 代码注入漏洞

Schneider Electric StruxureWare Data Center Expert StruxureWare Data Center Management Expert is a monitoring software from the French company Schneider Electric Schneider Electric. Suitable for a variety of organizations to monitor their company-wide power, cooling, security, environment. A code...

7.2CVSS7.5AI score0.00752EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/26 12:0 a.m.5 views

Bludit 代码问题漏洞

Bludit is an open source lightweight blog content management system CMS. A security vulnerability exists in Bludit version 3.9.2, which stems from vulnerability to Remote Code Execution RCE attacks via /admin/ajax/upload-images...

8.8CVSS8.1AI score0.01263EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/06/07 2:15 a.m.6 views

CVE-2023-33601

An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file...

8.8CVSS7.8AI score0.00945EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/05/25 12:0 a.m.4 views

PHPOK 代码问题漏洞

PHPOK is an enterprise building system that supports expansion. PHPOK version 6.4.100 suffers from an arbitrary file upload vulnerability, which stems from admin.php?c=upload&f=zip&noCache=0.1683794968 lack of valid validation of the uploaded file. An attacker can exploit this vulnerability to...

8.8CVSS7.5AI score0.00694EPSS
Exploits1References4
OSV
OSV
added 2023/03/14 3:15 p.m.4 views

CVE-2023-1398

A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the publi...

8.8CVSS5.3AI score0.00965EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.4 views

PT-2023-16955 · Unknown · Xiaobingby Teacms

Name of the Vulnerable Software and Affected Versions: XiaoBingBy TeaCMS version 2.0 Description: A critical vulnerability was found in XiaoBingBy TeaCMS, affecting an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '../filedir'. The attack can be launch...

8.8CVSS6.6AI score0.00965EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.4 views

XiaoBingBy TeaCMS 路径遍历漏洞

XiaoBingBy TeaCMS is a blog system by xiaobingby personal developer. A security vulnerability exists in XiaoBingBy TeaCMS version 2.0, which stems from a problem with the file /admin/upload, which can lead to a path traversal vulnerability...

8.8CVSS6.9AI score0.00965EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/11/17 12:0 a.m.5 views

PT-2022-24793 · Unknown · College Management System

Name of the Vulnerable Software and Affected Versions: College Management System version 1.0 Description: The issue allows an admin user to upload a .php file containing malicious code via the student.php file, potentially leading to remote code execution. The authentication required for this...

7.2CVSS8.8AI score0.01044EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/10/17 12:0 a.m.4 views

74cms 代码问题漏洞

XUNYI TECHNOLOGY 74cms is a PHP and MySQL based online recruitment system from China Xunyi Technology Company. A security vulnerability exists in version 74cmsSE v3.13.0, which stems from the /apiadmin/upload/attach component that allows an attacker to upload arbitrary files, resulting in the...

9.8CVSS8.7AI score0.00916EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/10/17 12:0 a.m.6 views

PT-2022-26287 · 74Cmsse · 74Cmsse

Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.13.0 Description: An arbitrary file upload issue in the "/api/admin/upload/attach" API endpoint allows attackers to execute arbitrary code via a crafted PHP file. Recommendations: For 74cmsSE version 3.13.0, consider disabli...

9.8CVSS9.7AI score0.00916EPSS
Exploits1References3
OSV
OSV
added 2022/09/06 6:15 p.m.4 views

CVE-2022-2438

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$logfile' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that...

7.2CVSS5.9AI score0.01385EPSS
Exploits0References3
Rows per page
Query Builder