13 matches found
EUVD-2025-204594
Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server...
EUVD-2022-44533
Malicious code in bioql PyPI...
PT-2025-34700
Name of the Vulnerable Software and Affected Versions: WebErpMesv2 version 1.17 Description: A file upload vulnerability exists in the app/Http/Controllers/FactoryController.php controller. An authenticated attacker can upload arbitrary files, including PHP scripts. These files are accessible via...
CVE-2019-9189
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...
CVE-2019-9189
Summary of CVE-2019-9189 (FlexAir): Prima Systems FlexAir, versions 2.4.9api3 and earlier, allows uploading arbitrary Python scripts when configuring the main central controller. These scripts can be executed immediately with root privileges, enabling an authenticated attacker to gain full system...
HongCMS Arbitrary Script File Upload Vulnerability
HongCMS is an open source lightweight content management system CMS. HongCMS 3.0.0 suffers from an arbitrary script file upload vulnerability. An attacker can exploit this vulnerability by uploading arbitrary script files via admin/index.php/template/upload URI to execute PHP code...
CVE-2018-13021
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...
CVE-2018-13021
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...
File Upload Vulnerability in UFIDA Financials
UFIDA Financials is a financial management software. A file upload vulnerability exists in UFIDA Financial System. Vulnerability payload: http://target/TaskManager/EBankTaskServlet?m=1&taskjson=cnvdtest&taskname=... /... /R9iPortal/upload/cnvd.jsp%00&optionType=create Submitting the above request...
JSBoard 2.0.x Remote Arbitrary Script Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11983/info JSBoard is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input. If...
MediaWiki 1.3.x Remote Arbitrary Script Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11985/info MediaWiki is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input. ...
MediaWiki 1.3.x - Arbitrary Script Upload
source: https://www.securityfocus.com/bid/11985/info MediaWiki is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input. If successful, the attacker can...
JSBoard 2.0.x - Arbitrary Script Upload
JSBoard 2.0.x - Arbitrary Script Upload source: https://www.securityfocus.com/bid/11983/info JSBoard is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied...