7 matches found
EUVD-2026-36757
Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...
PT-2026-49297
Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...
EUVD-2025-26521
Malicious code in bioql PyPI...
Online Shopping Portal File Upload Vulnerability
Online Shopping Portal is an online store. A file upload vulnerability exists in Online Shopping Portal, which stems from a lack of extension validation in /admin/insert-product.php, and can be exploited by an attacker to cause arbitrary file uploads...
CVE-2025-57148
phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation...
CVE-2025-57148
phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation...
CVE-2025-57148
phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation...