151 matches found
Lightdash version <= 0.510.3 Arbitrary File Read
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension .csv or .png is used. id: CVE-2023-35844 info: name: Lightdash version = 0.510.3 Arbitrary File Read author: dwisiswant0...
DRUPAL-CONTRIB-2026-066
The Canvas module allow you to upload image files via a custom API. The validation rules check the file extension of the uploaded file but not the file MIME type. This may allow a malicious user to upload a file that is not an image. Certain web-server configurations may serve the uploaded file...
PT-2026-55223
Name of the Vulnerable Software and Affected Versions Drupal Canvas versions 0.0.0 through 1.4.2 Drupal Canvas versions 1.5.0 through 1.5.2 Drupal Canvas versions 1.6.0 through 1.6.1 Drupal Canvas versions 1.7.0 through 1.7.1 Description An issue exists where the Canvas module allows Cross-Site...
PT-2026-51235
Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 and later Description An authenticated path traversal flaw exists in the 'assets/icon' endpoint. The issue occurs because the extension parameter is not validated before the system performs file existence checks. A...
DRUPAL-CORE-2026-009
The JSON:API and REST modules allow you to upload image files to image fields. The validation rules check the file extension of the uploaded file but not the file MIME type. This may allow a malicious user to upload a file that is not an image. Certain web-server configurations may serve the...
PT-2026-50610
Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The JSON:API and REST modules allow image file uploads to image fields. The validation rules verify the file extension but fail to check the file MIME type Multipurpose Internet Mail...
EUVD-2026-36757
Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...
CVE-2026-38329
Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...
PT-2026-49297
Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...
CVE-2026-38329
Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...
CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule
Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...
CVE-2026-6555
The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and...
CVE-2026-46400
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...
CVE-2026-8134
Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...
PT-2026-47040
Name of the Vulnerable Software and Affected Versions HAX CMS versions 11.0.6 through 24.x Description The file upload functionality in HAXCMS PHP validates file extensions using a regex pattern but fails to verify the actual file content or MIME type Multipurpose Internet Mail Extensions, a...
SOPlanning 代码问题漏洞
SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had code vulnerabilities. These vulnerabilities stemmed from an unvalidated validation of file extensions during upload. This allowed authenticated attackers to uploa...
CVE-2026-8134
Concrete CMS 9.5.0 and earlier fails to sanitize path traversal in the ptComposerFormLayoutSetControlCustomTemplate field when saving page-type composer form layouts. An authenticated rogue administrator with composer form editing rights can cause arbitrary readable files to be included on the se...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. Chromium security severity: Low...
GHSA-69HX-63PV-F8F4 Ech0 has Stored XSS via SVG Upload and Content-Type Validation Bypass in File Upload
Summary The file upload endpoint validates Content-Type using only the client-supplied multipart header, with no server-side content inspection or file extension validation. Combined with an unauthenticated static file server that determines Content-Type from file extension, this allows an admin ...
VulnCheck KEV: CVE-2025-0520
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7...