15 matches found

EUVD
added 2026/04/19 3:30 p.m. · 0 views

EUVD-2026-23702

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remot...

CVSS 6.3 · AI score 5.2 · EPSS 0.00017
Exploits: 0 · References: 5

NVD
added 2026/04/19 1:16 p.m. · 1 view

CVE-2026-6572

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remot...

CVSS 6.3 · EPSS 0.00017
Exploits: 0 · References: 4

RedhatCVE
added 2025/11/26 4:56 p.m. · 1 view

CVE-2023-7330

Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of...

CVSS 9.3 · AI score 8.2 · EPSS 0.00751
Exploits: 0 · References: 1

Vulnrichment
added 2025/11/24 8:31 p.m. · 2 views

CVE-2023-7330 Ruijie Networks NBR Routers Unauthenticated Arbitrary File Upload via fileupload.php

Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of...

CVSS 9.3 · AI score 7.8 · EPSS 0.00751
Exploits: 0 · References: 5

CVE
added 2025/11/24 8:31 p.m. · 9 views

CVE-2023-7330

CVE-2023-7330 affects Ruijie NBR series routers. An unauthenticated arbitrary file upload vulnerability exists via /ddi/server/fileupload.php where attacker-controlled values in the name and uploadDir parameters are accepted and the multipart file content is saved without proper validation or san...

CVSS 9.3 · AI score 7.8 · EPSS 0.00751
In wild · Exploits: 0 · References: 5

VulnCheck KEV
added 2025/11/24 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2023-7330

Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of...

CVSS 9.3 · AI score 6.4 · EPSS 0.00751
In wild · Exploits: 0 · References: 3

NVD
added 2025/10/27 5:15 p.m. · 1 view

CVE-2025-27224

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

CVSS 9.8 · EPSS 0.00256
Exploits: 1 · References: 3

OSV
added 2025/10/27 5:15 p.m. · 0 views

CVE-2025-27224

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

CVSS 9.8 · AI score 6 · EPSS 0.00256
Exploits: 1 · References: 3

CVE
added 2025/10/27 12:00 a.m. · 12 views

CVE-2025-27224

TRUfusion Enterprise (versions up to 7.10.4.0) is affected by insecure handling of the /trufusionPortal/fileupload endpoint, where input is not properly sanitized, enabling path traversal sequences to write arbitrary files anywhere on the local server and potentially execute code. Root cause: ins...

CVSS 9.8 · AI score 6.7 · EPSS 0.00256
Exploits: 1 · References: 3 · Affected Software: 1

EUVD
added 2025/10/27 12:00 a.m. · 1 view

EUVD-2025-36212

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

AI score 6.6 · EPSS 0.00256
Exploits: 1 · References: 4

Positive Technologies
added 2025/10/27 12:00 a.m. · 2 views

PT-2025-43987

Name of the Vulnerable Software and Affected Versions: TRUfusion Enterprise versions through 7.10.4.0 Description: The application does not properly sanitize input to the /trufusionPortal/fileupload endpoint, allowing path traversal sequences to be included. This can allow writing to any filename...

CVSS 9.8 · AI score 7.2 · EPSS 0.00256
Exploits: 1 · References: 5

Vulnrichment
added 2025/10/27 12:00 a.m. · 3 views

CVE-2025-27224

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

AI score 6.7 · EPSS 0.00256
Exploits: 1 · References: 3

Positive Technologies
added 2024/06/25 12:00 a.m. · 1 view

PT-2024-26527 · Unknown · Farcry Core

Name of the Vulnerable Software and Affected Versions: FarCry Core framework versions prior to 7.2.14 Description: The issue allows attackers to execute arbitrary code via uploading a crafted .cfm file to the /fileupload/upload.cfm endpoint. Recommendations: For versions prior to 7.2.14, update t...

CVSS 9.8 · AI score 7.9 · EPSS 0.00127
Exploits: 0 · References: 3

Positive Technologies
added 2024/04/15 12:00 a.m. · 3 views

PT-2024-27878 · Vesystem · Vesystem Cloud Desktop

Name of the Vulnerable Software and Affected Versions: Vesystem Cloud Desktop versions up to 20240408 Description: A critical vulnerability was found in Vesystem Cloud Desktop, affecting the file /Public/webuploader/0.1.5/server/fileupload.php. The manipulation of the file argument leads to...

CVSS 6.5 · AI score 6.4 · EPSS 0.00164
Exploits: 0 · References: 7

Positive Technologies
added 2022/04/01 12:00 a.m. · 7 views

PT-2022-2322 · Wso2 · Wso2 Identity Server Analytics +5

Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.2.0 through 4.0.0; WSO2 Identity Server versions 5.2.0 through 5.11.0; WSO2 Identity Server Analytics versions 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager versions 5.3.0 through 5.11.0; WSO2...

CVSS 10 · AI score 9.9 · EPSS 0.94434
Exploits: 22 · References: 68