Lucene search
K

7 matches found

EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-36757

Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

6.2AI score0.00627EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49297

Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

6.3AI score0.00627EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-26521

Malicious code in bioql PyPI...

9.1CVSS6.4AI score0.00446EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.4 views

Online Shopping Portal File Upload Vulnerability

Online Shopping Portal is an online store. A file upload vulnerability exists in Online Shopping Portal, which stems from a lack of extension validation in /admin/insert-product.php, and can be exploited by an attacker to cause arbitrary file uploads...

9.1CVSS7AI score0.00446EPSS
Exploits1References1
NVD
NVD
added 2025/09/03 3:15 p.m.4 views

CVE-2025-57148

phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation...

9.1CVSS0.00446EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/09/03 12:0 a.m.2 views

CVE-2025-57148

phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation...

6.4AI score0.00446EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/09/03 12:0 a.m.8 views

CVE-2025-57148

phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation...

0.00446EPSS
Exploits1References2
Rows per page
Query Builder