5 matches found
CVE-2026-9067
The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...
CVE-2026-0496
SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file including script files without proper file format validation. This has low impact on confidentiality, integrity and availability of the application...
CVE-2024-42523
publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData...
CVE-2024-42523
publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData...
CVE-2024-42523
publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData...