CVE-2026-7733 funadmin Frontend Chunked Upload Endpoint UploadService.php chunkUpload unrestricted upload

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...

FunAdmin 访问控制错误漏洞

FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc6 and earlier contain an access control vulnerability. This vulnerability stems from the UploadService::chunkUpload function in the Frontend Chunked Upload Endpoint, where the...

Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby

Impact An editor with write access to the Kirby Panel can upload an SVG or XML file that contains harmful content like tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby, the script wi...

TPshop open source mall file upload vulnerabilities exist in the foreground

TPshop open source mall is developed with the latest version of ThinkPHP shop mall. TPshop open source mall front-end file upload vulnerability. Allow attackers to upload webshell, get server privileges...

Wordpress Frontend Upload插件任意文件上传漏洞

No description provided by source. Exploit Title: Frontend Upload Wordpress Plugin - File Arbitrary Upload Date: 10/02/2014 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Frontend Upload...

Wordpress Frontend Upload Plugin - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Frontend Upload Wordpress Plugin - File Arbitrary Upload Date: 10/02/2014 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Frontend Upload...

WordPress Plugin Frontend Upload - Arbitrary File Upload

WordPress Plugin Frontend Upload - Arbitrary File Upload Exploit Title: Frontend Upload Wordpress Plugin - File Arbitrary Upload Date: 10/02/2014 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Frontend Upload...

WordPress Frontend Upload Plugin - Arbitrary File Upload

Frontend Upload plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution Upgrade the plugin...

WordPress Plugin Frontend Upload - Arbitrary File Upload

Exploit Title: Frontend Upload Wordpress Plugin - File Arbitrary Upload Date: 10/02/2014 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Frontend Upload...