3 matches found
CVE-2022-27140
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...
Design/Logic Flaw
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...
CVE-2022-27140
CVE-2022-27140 affects the express-fileupload module (version 1.3.1). The vulnerability arises from improper validation in the file upload mechanism, allowing an attacker to upload a crafted PHP file and potentially execute arbitrary code. Vendor notes this behavior can occur only with intentiona...