7 matches found
OpenClaw 代码问题漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that stems from a server-side request forgery vulnerability in QQBot direct media uploads that skips URL authentication. An attacker can exploit this...
CVE-2026-22799
Summary: CVE-2026-22799 affects the open-source CMS emlog. Versions prior to 2.6.1 expose the REST API endpoint /index.php?rest-api=upload without proper validation of file types, extensions, or content. This allows authenticated attackers (with a valid API key or an admin session cookie) to uplo...
CVE-2026-22799 emlog Arbitrary File Upload Vulnerability
Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint /index.php?rest-api=upload for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing authenticated attackers with a valid API key ...
CVE-2023-53933
Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server...
CVE-2023-53933 Serendipity 2.4.0 Authenticated Remote Code Execution via File Upload
Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server...
CVE-2023-53933
CVE-2023-53933 affects Serendipity 2.4.0. An authenticated attacker can upload PHP files with a .phar extension via the media upload endpoint, enabling remote code execution on the server. The vulnerability arises from accepting or processing uploaded files in a way that allows execution of syste...
PT-2025-51971
Name of the Vulnerable Software and Affected Versions Serendipity version 2.4.0 Description An authenticated attacker can upload malicious PHP files with a .phar extension, leading to remote code execution. Attackers can upload files containing system command payloads to the media upload endpoint...