32 matches found
GHSA-CR7J-RWMV-VGCH Duplicate Advisory: aimeos-core arbitrary file upload vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rhc2-23c2-ww7c. This link is maintained to preserve external references. Original Description An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execu...
CVE-2024-36811
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-37295. Reason: This candidate is a reservation duplicate of CVE-2024-37295. Notes: All CVE users should reference CVE-2024-37295 instead of this candidate. All references and descriptions in this candidate have been removed t...
CVE-2024-36811
...
CVE-2024-36811
CVE-2024-36811 is a reserved/duplicate entry for CVE-2024-37295. Connected documents describe Aimeos core vulnerability: before 2024.04.5, an administrative user could upload image-like files containing PHP code, leading to remote code execution in the web server context. A fix is released in 202...
CVE-2022-25037
An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting XSS vulnerability via the image upload function...
PT-2023-11847
Name of the Vulnerable Software and Affected Versions Adning Advertising plugin for WordPress versions up to, and including, 1.5.5 Description The issue arises from missing file type validation in the ning upload image function, allowing unauthenticated attackers to upload arbitrary files to the...
CVE-2022-43146
An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-43146
CVE-2022-43146 describes an arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 that can lead to remote code execution via a crafted PHP file. Root cause: improper handling/validation of uploaded files enabling execution of attacker-controlled PHP. A...
g33kyrash Online Banking System 代码问题漏洞
g33kyrash Online Banking System is an online banking system developed by g33kyrash Personal Developer using PHP and MySQL. A security vulnerability exists in Online Banking System Protect version 1.0, which allows an attacker to execute arbitrary code from a specially crafted PHP file uploaded by...
CVE-2020-18261
An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands...
CVE-2021-38611
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php...