Lucene search
K

7 matches found

NVD
NVD
added 2023/12/31 3:15 a.m.17 views

CVE-2023-52275

Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension...

2.1CVSS0.00281EPSS
Exploits1References2
Prion
Prion
added 2023/12/31 3:15 a.m.19 views

Design/Logic Flaw

Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension...

1.7CVSS7.2AI score0.00281EPSS
Exploits1References2
Prion
Prion
added 2022/03/21 7:15 p.m.22 views

Spoofing

The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role...

6.5CVSS8.6AI score0.01439EPSS
Exploits2References1Affected Software1
Metasploit
Metasploit
added 2019/03/19 10:48 p.m.41 views

CMS Made Simple (CMSMS) Showtime2 File Upload RCE

This module exploits a File Upload vulnerability that lead in a RCE in Showtime2 module "CMS Made Simple CMSMS Showtime2 File Upload RCE", 'Description' = %q This module exploits a File Upload vulnerability that lead in a RCE in Showtime2 module = 3.6.2 in CMS Made Simple CMSMS. An authenticated...

6.5CVSS6.8AI score0.45896EPSS
Exploits7
Prion
Prion
added 2019/03/11 6:29 p.m.16 views

Code injection

class.showtime2image.php in CMS Made Simple CMSMS before 2.2.10 does not ensure that a watermark file has a standard image file extension GIF, JPG, JPEG, or PNG...

4CVSS6.4AI score0.45896EPSS
Exploits7References6Affected Software1
NVD
NVD
added 2019/03/06 12:29 a.m.21 views

CVE-2019-9581

phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension...

8.8CVSS8.9AI score0.1349EPSS
Exploits4References4
Prion
Prion
added 2019/03/06 12:29 a.m.11 views

Default credentials

phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension...

6.5CVSS8.8AI score0.1349EPSS
Exploits4References4Affected Software1
Rows per page
Query Builder