Lucene search
K

32 matches found

OSV
OSV
added 2024/06/07 9:31 p.m.23 views

GHSA-CR7J-RWMV-VGCH Duplicate Advisory: aimeos-core arbitrary file upload vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rhc2-23c2-ww7c. This link is maintained to preserve external references. Original Description An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execu...

8.8CVSS7.3AI score
Exploits0References8
OSV
OSV
added 2024/06/07 7:15 p.m.18 views

CVE-2024-36811

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-37295. Reason: This candidate is a reservation duplicate of CVE-2024-37295. Notes: All CVE users should reference CVE-2024-37295 instead of this candidate. All references and descriptions in this candidate have been removed t...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2024/06/07 12:0 a.m.49 views

CVE-2024-36811

...

Exploits0
CVE
CVE
added 2024/06/07 12:0 a.m.56 views

CVE-2024-36811

CVE-2024-36811 is a reserved/duplicate entry for CVE-2024-37295. Connected documents describe Aimeos core vulnerability: before 2024.04.5, an administrative user could upload image-like files containing PHP code, leading to remote code execution in the web server context. A fix is released in 202...

7.4AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/05/31 4:5 p.m.12 views

CVE-2022-25037

An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting XSS vulnerability via the image upload function...

6.2AI score0.00268EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.9 views

PT-2023-11847

Name of the Vulnerable Software and Affected Versions Adning Advertising plugin for WordPress versions up to, and including, 1.5.5 Description The issue arises from missing file type validation in the ning upload image function, allowing unauthenticated attackers to upload arbitrary files to the...

9.8CVSS9.3AI score0.06944EPSS
Exploits1References8
NVD
NVD
added 2022/11/14 9:15 p.m.20 views

CVE-2022-43146

An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

7.2CVSS0.00979EPSS
Exploits0References2
Prion
Prion
added 2022/11/14 9:15 p.m.14 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

5.8CVSS7.3AI score0.00979EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/14 12:0 a.m.62 views

CVE-2022-43146

CVE-2022-43146 describes an arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 that can lead to remote code execution via a crafted PHP file. Root cause: improper handling/validation of uploaded files enabling execution of attacker-controlled PHP. A...

7.2CVSS7.3AI score0.00979EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/03/30 12:0 a.m.3 views

g33kyrash Online Banking System 代码问题漏洞

g33kyrash Online Banking System is an online banking system developed by g33kyrash Personal Developer using PHP and MySQL. A security vulnerability exists in Online Banking System Protect version 1.0, which allows an attacker to execute arbitrary code from a specially crafted PHP file uploaded by...

9.8CVSS8.9AI score0.0263EPSS
Exploits1References3
NVD
NVD
added 2021/11/03 6:15 p.m.27 views

CVE-2020-18261

An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands...

9.8CVSS0.01329EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/08/24 11:5 a.m.27 views

CVE-2021-38611

A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php...

9.8AI score0.01935EPSS
Exploits1References2
Rows per page
Query Builder