42 matches found
PT-2024-2371 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions 8.1 and later Description: The issue is related to the lack of protection for the web page structure, allowing an attacker to conduct cross-site scripting (XSS) attacks using specially crafted .html files. An attacker with adm...
PT-2024-1796 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerabl...
CVE-2024-0191
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit...
PT-2024-15375 · Unknown · Rrj Nueva Ecija Engineer Online Portal
Name of the Vulnerable Software and Affected Versions: RRJ Nueva Ecija Engineer Online Portal version 1.0 Description: A vulnerability was found in the RRJ Nueva Ecija Engineer Online Portal, which has been classified as problematic. The issue affects an unknown function of the file...
CVE-2023-40461
The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition...
VulnCheck KEV: CVE-2022-25487
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php...
PT-2023-25829 · WordPress · Upload Media By Url
Name of the Vulnerable Software and Affected Versions: Upload Media By URL WordPress plugin versions prior to 1.0.8 Description: The issue is related to the lack of a CSRF check when uploading files, which could allow attackers to make logged-in admins upload files on their behalf, including HTML...
Oxid Esales OXID eShop Code Issue Vulnerability
Oxid Esales OXID eShop is an online e-commerce platform from Oxid Esales, Germany. A security vulnerability exists in Oxid Esales OXID eShop Enterprise Edition prior to version 6.5.3 that originates from allowing the upload of a file with modified header information in the administration area. An...
CVE-2023-37198
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages...
portfolioCMS Race Condition Vulnerability
PortfolioCMS is a Bootstrap portfolio website with an admin panel. A race condition vulnerability exists in portfolioCMS version 1.0.0. A remote attacker can exploit this vulnerability to execute arbitrary code via the fileExt parameter of localhost/admin/uploads.php...
WordPress plugin Rara One Click Demo Import Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. Version 1.2.9 and earlier of the Rara One Click Demo Imports plugin are vulnerable to cross-site request...
CVE-2022-28033
Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMSadminuploads.php...
Atom.CMS SQL Injection Vulnerability
CMS is a content management system from The Digital Craft individual developers in the U.S. A SQL injection vulnerability exists in Atom.CMS version 2.0, which stems from a lack of validation of external input SQL statements in Atom.CMSadminuploads.php, which could be exploited to execute illegal...
CVE-2022-25487
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php...
Atom CMS Code Issue Vulnerability
Atom CMS is a content management system. A remote code execution vulnerability exists in Atom CMS version 2.0, which stems from /admin/uploads.php failing to properly filter special elements used in constructing a code segment. An attacker could exploit this vulnerability to cause arbitrary code executi...
CVE-2021-24620
The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could...
getsimplecms Code Issue Vulnerability
GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A remote code execution vulnerability exists in admin/upload.php in GetSimple CMS versions prior to 3.3.16. An attacker can exploit this vulnerability to achieve remote code execution via phar files...