11 matches found
EUVD-2019-20000
PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the...
CVE-2023-4988
A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product...
EUVD-2025-202705
A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...
CVE-2025-14522
A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...
CVE-2025-14522
A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...
CVE-2025-14522 baowzh hfly upload_json.php unrestricted upload
A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...
CVE-2025-14522 baowzh hfly upload_json.php unrestricted upload
A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...
hfly 代码问题漏洞
hfly is a travel website by baowzh individual developer. A code issue vulnerability exists in hfly, which stems from the incorrect manipulation of the parameter imgFile in the file /Public/Kindeditor/php/uploadjson.php, which could lead to arbitrary file uploads...
phpwcms 代码问题漏洞
phpwcms is an open source web content management system from slackero open source. It is fast, easy to install and can run on any standard web server platform that supports PHP/MySQL. A code issue vulnerability exists in phpwcms 1.9.45 and 1.10.8 and earlier versions, which stems from an incorrec...
CVE-2025-4258
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handler\resource\MediaController.java. The manipulation of the argument imgFile leads to unrestricted...
youkefu 代码问题漏洞
youkefu is a customer service support application by the individual developer zhangyanbo2007. A code issue vulnerability exists in youkefu 4.2.0 and earlier versions, which originates from the file youkefu-mastersrcmainjavacomukefuwebimwebhandler. Mishandling of the parameter imgFile in...