Lucene search
K

39 matches found

ATTACKERKB
ATTACKERKB
added 2025/12/17 9:29 p.m.4 views

CVE-2025-68109

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...

9.1CVSS6.4AI score0.01381EPSS
Exploits3References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-6592

Malware in sbrugna...

7.5CVSS7.6AI score0.01205EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 5:10 a.m.9 views

CVE-2023-50982

Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because uploadaction and editaction in AdminSmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7,...

9CVSS7.1AI score0.01286EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:9 a.m.4 views

CVE-2019-14924

An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but not oldAbsolutePath. By leveraging this vulnerability, an adversary can make an inaccessible file be available the credential of the app, for...

7.5CVSS6.9AI score0.02034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:9 a.m.5 views

CVE-2017-11178

In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked...

7.5CVSS7.7AI score0.00529EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:14 a.m.11 views

CVE-2015-7309

The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it...

6.5CVSS7.5AI score0.38611EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.6 views

DNN 安全漏洞

DNN aka DotNetNuke is a Microsoft-supported, open-source content management system CMS based on the ASP.NET platform from the U.S. company DNN. The system is easy to install, scalable and feature-rich. A security vulnerability exists in DNN versions prior to 9.13.2, which stems from the fact that...

7.5CVSS6.6AI score0.00165EPSS
Exploits0References3
CVE
CVE
added 2024/09/27 12:0 a.m.35 views

CVE-2024-46441

CVE-2024-46441 affects YPay 1.2.0. The vulnerability arises from an arbitrary file upload where ZIP archives are processed by themePutFile (app/common/util/Upload.php) called from app/admin/controller/ypay/Home.php, with the uncompressed file extension not being checked. Impact stated is arbitrar...

8.8CVSS8.1AI score0.00587EPSS
Exploits0References1
Prion
Prion
added 2023/02/02 1:15 p.m.22 views

Design/Logic Flaw

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution...

6.5CVSS8.9AI score0.08627EPSS
Exploits5References4Affected Software1
NVD
NVD
added 2021/06/14 2:15 p.m.50 views

CVE-2021-24347

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be...

8.8CVSS0.52007EPSS
Exploits8References3
Exploit DB
Exploit DB
added 2020/04/27 12:0 a.m.326 views

PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload

Exploit Title: PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload Date: 2020-04-24 Author: Besim ALTINOK Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/files/PHP-Fusion%20Archives/9.x/PHP-Fusion%209.03.50.zip/download...

7.4AI score
Exploits0
CVE
CVE
added 2017/10/12 8:0 a.m.65 views

CVE-2017-15285

X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 are vulnerable to Remote Code Execution due to improper validation of uploaded file extensions before saving locally. The issue can be exploited by anyone with Vendor access or higher by uploading an image file in a product catalog attachment, then uplo...

8.8CVSS8.8AI score0.02072EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2017/07/17 1:18 p.m.16 views

CVE-2017-1000002

ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in...

9.8CVSS7AI score
Exploits0References3
CVE
CVE
added 2017/07/13 8:0 p.m.49 views

CVE-2017-1000002

CVE-2017-1000002 affects ATutor

9.8CVSS9.3AI score0.30833EPSS
Exploits0References3Affected Software1
0day.today
0day.today
added 2017/05/31 12:0 a.m.47 views

OV3 Online Administration 3.0 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications !-- OV3 Online Administration 3.0 Authenticated Code Execution Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for your data...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2016/07/06 12:0 a.m.19 views

PaKnPost Pro 1.14 - Multiple Vulnerabilities

Exploit Title: PaKnPost Pro Arbitrary File Upload & Remote Code Execution Date: 2016-07-06 Product: PaKnPost Pro Vendor Homepage: http://www.paknpost.org Software Link: https://sourceforge.net/projects/paknpost/ Version: =1.14 Tested on: Windows, Linux Exploit Authors: Edvin Rustemagic, Grega...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/07/06 12:0 a.m.16 views

PaKnPost Pro 1.14 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: PaKnPost Pro Arbitrary File Upload & Remote Code Execution Date: 2016-07-06 Product: PaKnPost Pro Vendor Homepage: http://www.paknpost.org Software Link: https://sourceforge.net/projects/paknpost/ Version: =1.14 Tested on:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/12 12:0 a.m.19 views

蝉知CMS5.3 CRSF getshell

简要描述: 蝉知CMS5.3 CRSF getshell 详细说明: /system/module/package/control.php public function upload$type = 'extension' $this-view-canManage = array'result' = 'success'; if!$this-loadModel'guarder'-verify $this-view-canManage = $this-loadModel'common'-verifyAdmin; if$SERVER'REQUESTMETHOD' == 'POST'...

7AI score
Exploits0
exploitpack
exploitpack
added 2015/04/21 12:0 a.m.71 views

GoAutoDial CE 3.3-1406088000 - Authentication Bypass Arbitrary File Upload Command Injection

GoAutoDial CE 3.3-1406088000 - Authentication Bypass Arbitrary File Upload Command Injection Affected software: GoAutoDial Affected version: 3.3-1406088000 GoAdmin and previous releases of GoAutodial 3.3 Associated CVEs: CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845 Vendor advisory:...

10CVSS1.2AI score0.71687EPSS
Exploits11
myhack58
myhack58
added 2015/03/06 12:0 a.m.24 views

Malware cleanup to Gravity Forms arbitrary file upload-vulnerability warning-the black bar safety net

Regular malware detection cleanup process, we encountered one case of infection, caused our attention. Our environment does not have any special or fancy stuff, just updated wordpress and 3 expired plug-in; this situation is quite reasonable. The processing process ends, the environment is clean...

6.9AI score
Exploits0
Rows per page
Query Builder