20 matches found
CVE-2020-37084 School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...
CVE-2020-37084
CVE-2020-37084 affects School ERP Pro 1.0. An authenticated administrator can upload arbitrary PHP files as profile photos by bypassing file extension checks, via improper validation in pre-editstudent.inc.php, enabling remote code execution on the server. The vulnerability is tied to the admin p...
EUVD-2024-54441
Malicious code in bioql PyPI...
EUVD-2025-29372
Malicious code in bioql PyPI...
GHSA-3WGQ-H4FR-CWG5 laravel-crud-wizard-free has File Validation Bypass
Impact: Medium. Patches: Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0. Workarounds: Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation 11.44.1...
laravel-crud-wizard-free has File Validation Bypass
Impact: Medium. Patches: Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0. Workarounds: Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation 11.44.1...
CVE-2025-27515
Laravel is a web application framework. When using wildcard validation to validate a given file or image field (files.*), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...
Improper Neutralization
Overview: Affected versions of this package are vulnerable to Improper Neutralization in Validator.php via wildcard validation for file or image fields, such as files.*. This allows a user to bypass validation rules. Remediation: Upgrade macropay-solutions/laravel-crud-wizard-free to version 3.4.17 ...
Improper Neutralization
Overview: laravel/framework is a PHP framework for web artisans. Affected versions of this package are vulnerable to Improper Neutralization in Validator.php via wildcard validation for file or image fields, such as files.*. This allows a user to bypass validation rules. Remediation: Upgrade...
Laravel has a File Validation Bypass
When using wildcard validation to validate a given file or image field array (files.*), a user-crafted malicious request could potentially bypass the validation rules...
File Validation Bypass
ibexa/core is vulnerable to File Validation Bypass. The vulnerability is due to inadequate file type validation within the validate function in FileExtensionBlackListValidator.php. When attempting to publish content with rejected file types, the validation fails, which does prevent publication, bu...
GHSA-R3XC-PRGR-MG9P Django bypasses validation when using one form field to upload multiple files
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However,...
Zyrex Popup < 1.1 - Admin+ Arbitrary File Upload
The plugin does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install. PoC: Create a new popup by filling in anything in th...
Arbitrary File Upload
encore/laravel-admin is vulnerable to Arbitrary File Upload. The vulnerability exists because the library does not properly validate files uploaded, allowing an attacker to bypass the file upload restrictions by uploading a malicious .php file...
JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload
The plugin does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. PoC Setup: 1. Install the vulnerable plugin jobboardwp version 1.2.1. 2. In the toast message that appears on the plugin's...
GHSA-279P-PC38-XX4P JFinal file validation vulnerability
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions...
UBUNTU-CVE-2020-13675
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the si...
CVE-2022-22531
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified...
DRUPAL-CORE-2021-008
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the...
Automne 4.1.0 Race Condition
// ------------------------------------------------------------------------
// Software................Automne 4.1.0
// Vulnerability...........Race Condition
// Threat Level............Very Critical 5/5
// Download................http://en.automne-cms.org/
// Release Date............3/2/2011
//...