11 matches found
EUVD-2024-2207
Malicious code in bioql PyPI...
EUVD-2022-24834
Malicious code in bioql PyPI...
EUVD-2022-37451
Malicious code in bioql PyPI...
PT-2025-30936 · Unknown · Code-Projects Document Management System
Name of the Vulnerable Software and Affected Versions: code-projects Document Management System version 1.0
Description: A critical issue has been found in code-projects Document Management System that allows for unrestricted file upload through manipulation of the uploaded file argument in the...
CVE-2025-53891
The CVE-2025-53891 entry affects the TIME LINE website (repository: timelineofficial/Time-Line-) where uploaded files (instruction/media) are not strictly validated for type/size. The root cause is insufficient validation, allowing renamed or oversized files that can cause malicious file uploads,...
PT-2025-27385 · Sourcecodester · Sourcecodester Simple Company Website
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Company Website version 1.0
Description: A critical issue has been found in the processing of the file /classes/Users.php?f=save, allowing for unrestricted upload through the manipulation of the img argument. This issue...
CVE-2024-46054
OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files...
CVE-2020-13241
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/loadmodule:usersedit-user=1 does not verify that the file extension used with the Add Image option on the Edit User screen corresponds to an image file...
PT-2025-17003 · Unknown · Aidraw I Draw
Name of the Vulnerable Software and Affected Versions: aidraw I Draw versions n/a through 1.0
Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files.
Recommendations: For versions n/a through 1.0, consider restricting file...
CVE-2024-23822 Thruk Incorrect limitation of a pathname to a restricted directory (Path Traversal) (CWE-22)
Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as...
PHP 3.0.x/4.x - Move_Uploaded_File open_basedir Circumvention
source: https://www.securityfocus.com/bid/4325/info
PHP is a server side scripting language, designed to be embedded within HTML files. It is available for Windows, Linux, and many Unix based operating systems. It is commonly used for web development, and is very widely deployed. It has been...