3 matches found
CVE-2020-13774
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations ...
CVE-2019-7669
Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges...
BlackCat CMS File Upload Vulnerability
BlackCat CMS is a content management system CMS based on PHP5 and HTML5 developed by Black Cat team. A security vulnerability exists in BlackCat CMS version 1.2.2, which stems from the program's failure to validate file extensions. The vulnerability can be exploited to upload files with extension...