Lucene search
K

21 matches found

Cvelist
Cvelist
added 2026/01/05 1:29 p.m.29 views

CVE-2023-50897 WordPress Media File Renamer plugin <= 5.7.7 - Arbitrary File Rename lead to RCE vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files.This issue affects Media File Renamer: from n/a through 5.7.7...

9.1CVSS0.00282EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/05 1:29 p.m.5 views

CVE-2023-50897 WordPress Media File Renamer plugin <= 5.7.7 - Arbitrary File Rename lead to RCE vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files.This issue affects Media File Renamer: from n/a through 5.7.7...

9.1CVSS6.6AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2025/12/11 5:15 p.m.6 views

CVE-2025-65474

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...

9.8CVSS0.00473EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.6 views

PT-2025-50636

Name of the Vulnerable Software and Affected Versions EasyImages versions 2.0 through 2.8.6 Description A flaw exists in the /admin/manager.php component that allows for arbitrary file renaming. An attacker can exploit this to execute arbitrary code by renaming a PHP file to an SVG format...

7.5AI score0.00473EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/11 12:0 a.m.10 views

EUVD-2025-202703

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...

9.1CVSS7.2AI score0.00498EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/11 12:0 a.m.6 views

EUVD-2025-202767

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...

7.3AI score0.00473EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/11 12:0 a.m.29 views

CVE-2025-65474

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...

0.00473EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/11 12:0 a.m.4 views

CVE-2025-65473

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...

7.4AI score0.00498EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/11 12:0 a.m.3 views

CVE-2025-65474

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...

7.5AI score0.00473EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.17 views

PT-2025-50635

Name of the Vulnerable Software and Affected Versions EasyImages versions 2.0 through 2.8.6 Description A flaw exists within the /admin/filer.php component that allows attackers with Administrator privileges to execute arbitrary code. This is possible by injecting a crafted payload into an upload...

9.1CVSS7.1AI score0.00498EPSS
Exploits1References5
OSV
OSV
added 2025/12/11 12:0 a.m.5 views

CVE-2025-65474

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format...

8.8CVSS7.8AI score0.00473EPSS
Exploits1References4
CVE
CVE
added 2025/12/11 12:0 a.m.18 views

CVE-2025-65474

CVE-2025-65474 affects EasyImages 2.0 up to and including 2.8.6. The vulnerability resides in the /admin/manager.php component, where insecure file renaming can be exploited to execute arbitrary code by renaming a PHP file to an SVG format. Impact is described as arbitrary code execution with hig...

9.8CVSS7.5AI score0.00473EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/12/11 12:0 a.m.14 views

CVE-2025-65473

CVE-2025-65473 affects EasyImages 2.0 through 2.8.6, specifically the /admin/filer.php component. A flaw allows attackers with Administrator privileges to execute arbitrary code by injecting a crafted payload into an uploaded file name, resulting in arbitrary file rename. The Red Hat, CIRCL, NVD,...

9.1CVSS7.4AI score0.00498EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 8:39 a.m.8 views

CVE-2024-23634

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...

6CVSS6.9AI score0.00694EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.4 views

GeoServer Security Vulnerabilities

GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions prior to 2.23.5 and prior to 2.24.2, which stems from an arbitrary file renaming vulnerability that allows authenticated...

6CVSS6.7AI score0.00694EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.5 views

PT-2024-19986 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.5 and 2.24.2 Description: An arbitrary file renaming issue exists, allowing an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrar...

6CVSS7.3AI score0.00694EPSS
Exploits1References11
WPVulnDB
WPVulnDB
added 2024/01/24 12:0 a.m.23 views

Photo Gallery by 10Web - Mobile-Friendly Image Gallery < 1.8.20 - Directory Traversal to Arbitrary File Rename

Description The plugin is vulnerable to Directory Traversal attacks via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. Note: By default this can be exploited by administrators only. In the premium version of the plugin,...

5.8CVSS6.4AI score0.01312EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/02/28 12:0 a.m.6 views

PT-2022-13138 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress WordPress plugin versions prior to 4.1.5 Description: The issue allows users to upload an image as a profile avatar after registration, which is then cropped and saved. A "POST" request is sent to the server to rename and crop the...

4.3CVSS4.5AI score0.03205EPSS
Exploits5References8
CNVD
CNVD
added 2020/04/17 12:0 a.m.3 views

Logic Flaw Vulnerability in ETA CMS (CNVD-2020-26403)

ETA CMS is a simple, practical and efficient website builder. A logical flaw exists in EDA CMS, which can be exploited by an attacker to rename arbitrary files to gain control of the web server...

7.2AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/02/11 12:0 a.m.27 views

Symantec Endpoint Protection AvHostPlugin Missing Authentication Arbitrary File Rename Vulnerability

This vulnerability allows local attackers to rename arbitrary files on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

6.1CVSS3.8AI score0.00363EPSS
Exploits0References1
Rows per page
Query Builder