20 matches found

Vulnrichment
added 2026/02/03 10:9 p.m. | 5 views

CVE-2020-37084 School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...

CVSS 8.6 | AI score 6.9 | EPSS 0.00814
Exploits: 1 | References: 4

CVE
added 2026/02/03 10:9 p.m. | 13 views

CVE-2020-37084

CVE-2020-37084 affects School ERP Pro 1.0. An authenticated administrator can upload arbitrary PHP files as profile photos by bypassing file extension checks, via improper validation in pre-editstudent.inc.php, enabling remote code execution on the server. The vulnerability is tied to the admin p...

CVSS 8.6 | AI score 6.9 | EPSS 0.00814
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-54441

Malicious code in bioql PyPI...

CVSS 9 | AI score 6.5 | EPSS 0.00638
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-29372

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.3 | EPSS 0.00685
Exploits: 1 | References: 5

OSV
added 2025/03/12 3:56 p.m. | 13 views

GHSA-3WGQ-H4FR-CWG5 laravel-crud-wizard-free has File Validation Bypass

Impact: Medium. Patches: Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0. Workarounds: Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation 11.44.1...

CVSS 6.9 | AI score 6.6 | EPSS 0.00685
Exploits: 1 | References: 5

GitHub Security Blog
added 2025/03/12 3:56 p.m. | 21 views

laravel-crud-wizard-free has File Validation Bypass

Impact: Medium. Patches: Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0. Workarounds: Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation 11.44.1...

CVSS 9.8 | AI score 7 | EPSS 0.00685
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2025/03/07 7:37 p.m. | 23 views

CVE-2025-27515

Laravel is a web application framework. When using wildcard validation to validate a given file or image field (files.*), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...

CVSS 9.8 | AI score 7 | EPSS 0.00685
Exploits: 1 | References: 1

Snyk
added 2025/03/05 7:41 p.m. | 4 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization in Validator.php via wildcard validation for file or image fields, such as files.*. This allows a user to bypass validation rules. Remediation: Upgrade macropay-solutions/laravel-crud-wizard-free to version 3.4.17 ...

CVSS 9.8 | AI score 6.8 | EPSS 0.00685
Exploits: 1 | References: 2

Snyk
added 2025/03/05 7:41 p.m. | 4 views

Improper Neutralization

Overview: laravel/framework is a PHP framework for web artisans. Affected versions of this package are vulnerable to Improper Neutralization in Validator.php via wildcard validation for file or image fields, such as files.*. This allows a user to bypass validation rules. Remediation: Upgrade...

CVSS 9.8 | AI score 6.9 | EPSS 0.00685
Exploits: 1 | References: 2

GitHub Security Blog
added 2025/03/05 7:9 p.m. | 120 views

Laravel has a File Validation Bypass

When using wildcard validation to validate a given file or image field array (files.*), a user-crafted malicious request could potentially bypass the validation rules...

CVSS 9.8 | AI score 7.1 | EPSS 0.00685
Exploits: 1 | References: 5 | Affected Software: 1

Veracode
added 2024/03/22 5:23 a.m. | 11 views

File Validation Bypass

ibexa/core is vulnerable to File Validation Bypass. The vulnerability is due to inadequate file type validation within the validate function in FileExtensionBlackListValidator.php. When attempting to publish content with rejected file types, the validation fails which does prevent publication, bu...

AI score 7
Exploits: 0

OSV
added 2023/05/07 3:30 a.m. | 2 views

GHSA-R3XC-PRGR-MG9P Django bypasses validation when using one form field to upload multiple files

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However,...

CVSS 9.8 | AI score 5.8 | EPSS 0.0138
Exploits: 0 | References: 12

WPVulnDB
added 2023/04/04 12:0 a.m. | 18 views

Zyrex Popup < 1.1 - Admin+ Arbitrary File Upload

The plugin does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install. PoC: Create a new popup by filling in anything in th...

CVSS 7.2 | AI score 9 | EPSS 0.00962
Exploits: 2 | Affected Software: 1

Veracode
added 2023/03/02 5:0 a.m. | 53 views

Arbitrary File Upload

encore/laravel-admin is vulnerable to Arbitrary File Upload. The vulnerability exists because the library does not properly validate files uploaded, allowing an attacker to bypass the file upload restrictions by uploading a malicious .php file...

CVSS 7.2 | AI score 6.8 | EPSS 0.02382
Exploits: 3 | References: 5 | Affected Software: 1

WPVulnDB
added 2022/11/28 12:0 a.m. | 17 views

JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload

The plugin does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. PoC: Setup: 1. Install the vulnerable plugin jobboardwp version 1.2.1 2. In the toast message that appears on the plugin's...

CVSS 7.5 | AI score 2.3 | EPSS 0.01354
Exploits: 2 | Affected Software: 1

OSV
added 2022/05/25 7:21 p.m. | 1 views

GHSA-279P-PC38-XX4P JFinal file validation vulnerability

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions...

CVSS 7.5 | AI score 5.8 | EPSS 0.01743
Exploits: 1 | References: 5

OSV
added 2022/02/11 4:15 p.m. | 6 views

UBUNTU-CVE-2020-13675

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the si...

CVSS 9.8 | AI score 7.2 | EPSS 0.01217
Exploits: 0 | References: 3

ATTACKERKB
added 2022/01/14 8:15 p.m. | 9 views

CVE-2022-22531

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified...

CVSS 8.1 | AI score 7.3 | EPSS 0.00849
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2021/09/15 3:22 p.m. | 3 views

DRUPAL-CORE-2021-008

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the...

CVSS 9.8 | AI score 7 | EPSS 0.01217
Exploits: 0 | References: 1

Packet Storm
added 2011/03/07 12:0 a.m. | 26 views

Automne 4.1.0 Race Condition

// ------------------------------------------------------------------------
// Software................Automne 4.1.0
// Vulnerability...........Race Condition
// Threat Level............Very Critical 5/5
// Download................http://en.automne-cms.org/
// Release Date............3/2/2011
//...

AI score 7.4
Exploits: 0