8 matches found
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
CVE-2025-2708 zhijiantianya ruoyi-vue-pro Backend File Upload Interface upload path traversal
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. This affects an unknown part of the file /admin-api/infra/file/upload of the component Backend File Upload Interface. The manipulation of the argument path leads to path traversal. It is possible to...
CVE-2024-46373
Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend...
CVE-2024-28190 Contao core bundle vulnerable to cross site scripting in the file manager
Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files back end and front end, which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 an...
CVE-2022-40886
DedeCMS 5.7.98 has a file upload vulnerability in the background...
Backend File Upload Vulnerability in phpSQLiteCMS
phpSQLiteCMS is an open source web content management system based on PHP and SQLite. A backend file upload vulnerability exists in phpSQLiteCMS, which can be exploited by attackers to gain control of a web server...
OFCMS backend editUploadImage method has file upload vulnerability
OFCMS is a content management system developed based on java technology. A file upload vulnerability exists in the editUploadImage method in the background of OFCMS, which can be exploited by an attacker to upload a webshell and gain access to the server, posing an information leakage and...
KingTop CMS -- Tupy Technology Backend File Upload Vulnerability
KingTop CMS is a set of easy to learn , simple operation of the open source content management system . KingTop CMS -- Tupy Technology backend file upload vulnerability , attackers can upload webshell through the vulnerability , so as to obtain sensitive information...