DaiCuo CMS Security Vulnerability
DaiCuo CMS is a PHP news article management system by the individual developer DaiCuo. A security vulnerability exists in DaiCuo CMS version V1.3.13, which originates from an arbitrary file upload vulnerability in the image upload function...
EUVD-2021-25966
Malware in sbrugna...
EUVD-2020-10188
Malware in sbrugna...
EUVD-2017-14706
Malware in sbrugna...
EUVD-2022-32398
Malicious code in bioql PyPI...
CVE-2024-54730
Flatnotes...
CVE-2021-38611
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php...
Server Side Request Forgery (SSRF)
shopxo/shopxo is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-supplied URLs in the image upload function, allowing attackers to craft requests that the server executes on their behalf...
CVE-2025-28092
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function...
GHSA-P736-G6PG-HJHW ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Image Upload
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function...
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Image Upload
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function...
CVE-2022-25037
An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function...
CVE-2024-40513
An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function...
Arbitrary File Upload
Automad is vulnerable to Arbitrary File Upload. The vulnerability is due to improper file type checks within the image upload function, allowing attackers to execute arbitrary code via a crafted file...
PT-2024-28828 · Automad · Automad
Name of the Vulnerable Software and Affected Versions: Automad version 2.0.0. Description: An arbitrary file upload vulnerability in the image upload function allows attackers to execute arbitrary code via a crafted file. The malicious file has to be prepared and uploaded manually by the admin,...
CVE-2024-40400
An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file...
PT-2024-20095 · WordPress · Aliexpress Dropshipping With Alinext Lite
Name of the Vulnerable Software and Affected Versions: AliExpress Dropshipping with AliNext Lite plugin for WordPress versions up to, and including, 3.3.5. Description: The issue is related to arbitrary file uploads due to missing file type validation in the ajax save image function. This allows...