14 matches found
EUVD-2025-21028
Malicious code in bioql PyPI...
CVE-2025-34100
An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upload operations, allowing an attacker to...
CVE-2025-34100
An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upload operations, allowing an attacker to...
CVE-2025-34100 BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload
An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upload operations, allowing an attacker to...
CVE-2025-34100
BuilderEngine 3.5.0 is vulnerable due to the integration of elFinder 2.0 and the jQuery File Upload plugin, which fails to validate file types/locations during uploads. This unauthenticated flow allows uploading a malicious PHP file and executing code on the server, producing full remote code exe...
CVE-2025-34100 BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload
An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upload operations, allowing an attacker to...
BuilderEngine 安全漏洞
BuilderEngine is a web building tool from BuilderEngine, Inc. A security vulnerability exists in BuilderEngine version 3.5.0, which stems from a file upload issue in the elFinder 2.0 file manager and could lead to remote code execution...
PT-2025-29142 · Unknown +1 · Jquery File Upload +2
Name of the Vulnerable Software and Affected Versions: BuilderEngine version 3.5.0 Description: An unrestricted file upload issue exists due to the integration of elFinder 2.0 and the jQuery File Upload plugin. The plugin does not properly validate or restrict file types or locations during uploa...
BuilderEngine Arbitrary File Upload / Execution Exploit
This Metasploit module exploits a vulnerability found in BuilderEngine 3.5.0 via elFinder 2.0. The jquery-file-upload plugin can be abused to upload a malicious file, which would result in arbitrary remote code execution under the context of the web server. This module requires Metasploit:...
BuilderEngine Arbitrary File Upload / Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "BuilderEngine Arbitrary File Upload Vulnerability and execution", 'Description' = %q This module exploits a vulnerability found in BuilderEngine...
BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "BuilderEngine Arbitrary File Upload Vulnerability and execution", 'Description' = %q This module exploits a vulnerability found in BuilderEngine...
BuilderEngine Arbitrary File Upload Vulnerability and execution
This module exploits a vulnerability found in BuilderEngine 3.5.0 via elFinder 2.0. The jquery-file-upload plugin can be abused to upload a malicious file, which would result in arbitrary remote code execution under the context of the web server. This module requires Metasploit:...
BuilderEngine 3.5.0 - Arbitrary File Upload
BuilderEngine 3.5.0 - Arbitrary File Upload...
BuilderEngine 3.5.0 - Arbitrary File Upload
...