7 matches found
CVE-2023-52275
Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension...
Design/Logic Flaw
Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension...
Spoofing
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role...
CMS Made Simple (CMSMS) Showtime2 File Upload RCE
This module exploits a File Upload vulnerability that lead in a RCE in Showtime2 module "CMS Made Simple CMSMS Showtime2 File Upload RCE", 'Description' = %q This module exploits a File Upload vulnerability that lead in a RCE in Showtime2 module = 3.6.2 in CMS Made Simple CMSMS. An authenticated...
Code injection
class.showtime2image.php in CMS Made Simple CMSMS before 2.2.10 does not ensure that a watermark file has a standard image file extension GIF, JPG, JPEG, or PNG...
CVE-2019-9581
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension...
Default credentials
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension...