Lucene search
K

292 matches found

Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.5 views

PT-2025-50836

The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttom image' parameter of the paypal-shortcode shortcode in all versions up to, and including, 1.01 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.1AI score0.00188EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.3 views

SourceCodester Real Estate Property Listing App 安全漏洞

SourceCodester Real Estate Property Listing App is an open source real estate listing application from SourceCodester. A security vulnerability exists in version 1.0 of the SourceCodester Real Estate Property Listing App, which stems from an incorrect manipulation of the parameter image in file...

7.2CVSS5AI score0.00384EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.6 views

PT-2025-50647

Name of the Vulnerable Software and Affected Versions SourceCodester Real Estate Property Listing App version 1.0 Description A flaw exists in SourceCodester Real Estate Property Listing App version 1.0 that allows for unrestricted file uploads. This is due to manipulation of the image argument...

5.8CVSS4.6AI score0.00384EPSS
Exploits1References7
OSV
OSV
added 2025/12/08 6:15 a.m.9 views

CVE-2025-14219

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/adminrunning.php. Executing a manipulation of the argument productimage can lead to unrestricted upload. It is possible to launch the attack remotely...

7.2CVSS5.6AI score0.00286EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.15 views

CampCodes Retro Basketball Shoes Online Store 安全漏洞

CampCodes Retro Basketball Shoes Online Store is an online store for retro basketball shoes from CampCodes, Inc. A security vulnerability exists in Campcodes Retro Basketball Shoes Online Store version 1.0, which stems from incorrect manipulation of the parameter productimage in the file...

7.2CVSS5AI score0.00286EPSS
Exploits1References5
CVE
CVE
added 2025/12/05 12:0 a.m.12 views

CVE-2025-65879

CVE-2025-65879 — Normal mode Warehouse Management System 1.2 is affected by an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server’s UPLOAD_PATH and passed to File.delete(...

8.1CVSS6.6AI score0.00693EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/11/24 12:30 a.m.6 views

EUVD-2025-198594

A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /addbook.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released t...

6.5CVSS6.3AI score0.00304EPSS
Exploits1References5
NVD
NVD
added 2025/11/24 12:15 a.m.7 views

CVE-2025-13573

A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /addbook.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released t...

8.8CVSS0.00304EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.5 views

Projectworlds Advanced Library Management System 代码问题漏洞

Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A code issue vulnerability exists in Projectworlds Advanced Library Management System version 1.0 and prior versions, which stems from the incorrect manipulation of the parameter...

8.8CVSS6.6AI score0.00304EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/11/23 12:0 a.m.6 views

PT-2025-47867

A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add book.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released ...

6.5CVSS7AI score0.00304EPSS
Exploits1References5
NVD
NVD
added 2025/11/20 12:15 a.m.8 views

CVE-2025-13423

A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/adminproduct.php. Executing a manipulation of the argument productimage can lead to unrestricted upload. The attack may be launched remotely. The exploit has...

7.2CVSS0.00297EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.4 views

Projectworlds Online Notes Sharing Platform 安全漏洞

Projectworlds Online Notes Sharing Platform is an online notes sharing platform from Projectworlds India. A security vulnerability exists in Projectworlds Online Notes Sharing Platform version 1.0, which stems from an incorrect manipulation of the parameter image in the file...

9.8CVSS6.5AI score0.00359EPSS
Exploits1References5
OSV
OSV
added 2025/10/27 2:15 a.m.4 views

CVE-2025-12201

A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component User Management Interface. Such manipulation of the argument image leads to unrestricted upload. ...

7.2CVSS5.5AI score0.00513EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.8 views

PT-2025-43759

Name of the Vulnerable Software and Affected Versions ajayrandhawa User-Management-PHP-MYSQL versions prior to fedcf58797bf2791591606f7b61fdad99ad8bff1 Description A flaw exists within the User Management Interface component of the software, specifically concerning file uploads. Manipulation of t...

5.8CVSS6.3AI score0.00513EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.6 views

User-Management-PHP-MYSQL 代码问题漏洞

User-Management-PHP-MYSQL is a secure user management system by Ajay Randhawa Personal Developer. A code issue vulnerability exists in User-Management-PHP-MYSQL that stems from incorrect manipulation of the parameter image in the file /admin/edit-user.php, which could lead to arbitrary file uploa...

7.2CVSS5.1AI score0.00513EPSS
Exploits1References4
NVD
NVD
added 2025/10/20 7:15 p.m.6 views

CVE-2025-61488

An issue in Senayan Library Management System SLiMS 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrapimage.php component and the imageURL parameter...

7.6CVSS0.0033EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/20 12:0 a.m.10 views

CVE-2025-61488

An issue in Senayan Library Management System SLiMS 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrapimage.php component and the imageURL parameter...

0.0033EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.2 views

Online Hotel Reservation System editpicexec.php file arbitrary file upload vulnerability

Online Hotel Reservation System is an online hotel reservation system. Online Hotel Reservation System has an arbitrary file upload vulnerability that stems from a lack of valid validation of uploaded files by the parameter image in the file /admin/editpicexec.php. No details of the vulnerability...

8.8CVSS7.2AI score0.00299EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.2 views

Online Hotel Reservation System addslideexec.php file arbitrary file upload vulnerability

Online Hotel Reservation System is an online hotel reservation system. Online Hotel Reservation System has an arbitrary file upload vulnerability that stems from a lack of valid validation of uploaded files by the parameter image in the file /admin/addslideexec.php. No details of the vulnerabilit...

9.8CVSS7.2AI score0.00364EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/09 3:13 a.m.4 views

CVE-2025-11426

A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /editbook.php. The manipulation of the argument image results in unrestricted upload. It is possible to launch the attack remotely. T...

8.8CVSS6.2AI score0.00302EPSS
Exploits1References1
Rows per page
Query Builder