Lucene search
K

15 matches found

Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.6 views

PT-2026-1424

Name of the Vulnerable Software and Affected Versions MasterStudy LMS WordPress Plugin versions through 3.7.6 Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is susceptible to unauthorized modification and deletion of data. This is due to a...

5.4CVSS6.3AI score0.00146EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/15 6:0 a.m.27 views

CVE-2025-11363 Royal Elementor Addons and Templates < 1.7.1037 - Unauthenticated Media File Upload

The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpraddonsuploadfile action...

0.00273EPSS
Exploits0References1
CVE
CVE
added 2025/12/15 6:0 a.m.24 views

CVE-2025-11363

The CVE-2025-11363 entry concerns the WordPress plugin Royal Addons for Elementor (Royal Elementor Addons and Templates). Multiple connected sources confirm a vulnerability where the plugin versions up to 1.7.1036 lack proper authorization, allowing unauthenticated users to upload media files via...

5.3CVSS6.6AI score0.00273EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/24 12:0 a.m.5 views

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS from Givan Personal Developers for building websites, blogs or e-commerce stores. A security vulnerability exists in Vvveb version 1.0.7.2 and earlier, which stems from the incorrect operation of the parameter files in the /system/traits/media.php file...

9.8CVSS6.5AI score0.00454EPSS
Exploits1References5
CVE
CVE
added 2025/01/23 12:0 a.m.68 views

CVE-2024-53923

CVE-2024-53923 – Centreon Web : Multiple sources (Red Hat, Snyk, CVE listings, PT Security, etc.) confirm a SQL injection in the media-upload form that can be triggered by a user with high privileges. Affected versions include Centreon Web 23.04.x (to 23.04.23), 23.10.x (to 23.10.18), 24.04.x (to...

9.1CVSS8AI score0.004EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/19 10:52 a.m.10 views

CVE-2023-2751 Upload Resume <= 1.2.0 - Captcha Bypass

The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resumeuploadform shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site...

7AI score0.0051EPSS
Exploits2References1
CNVD
CNVD
added 2022/04/07 12:0 a.m.17 views

HorizontCMS Code Issues Vulnerabilities

HorizontCMS is a customer relationship management web platform for individual developers. A security vulnerability exists in HorizontCMS before 1.0.0-beta.3, which can be exploited by attackers to upload .htaccess and .hello files by using the media file upload feature...

9.8CVSS6.9AI score0.01195EPSS
Exploits0References1
CVE
CVE
added 2019/02/25 6:0 a.m.43 views

CVE-2018-20791

CVE-2018-20791 affects tecrail Responsive FileManager 9.13.4. The issue is an XSS via a media file upload, caused by mishandling of the media_preview action, allowing an attacker to inject script/HTML through the filename. Connected sources confirm the product/version and the vulnerability class;...

6.1CVSS5.9AI score0.00815EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2017/01/17 9:59 a.m.14 views

Server side request forgery (ssrf)

The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address...

4.3CVSS7.4AI score0.0157EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2017/01/17 9:59 a.m.15 views

CVE-2017-5518

The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address...

7.4CVSS7.4AI score0.0157EPSS
Exploits1References2
CVE
CVE
added 2017/01/17 9:22 a.m.48 views

CVE-2017-5518

GeniXCMS media-file upload feature up to version 0.0.8 is affected by an SSRF vulnerability. The issue arises when the upload mechanism processes a URL, enabling remote attackers to fetch internal network resources (e.g., intranet addresses). The CVE description consistently states SSRF via a URL...

7.4CVSS7.3AI score0.0157EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/01/17 9:22 a.m.17 views

CVE-2017-5518

The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address...

7.4AI score0.0157EPSS
Exploits1References2
OSV
OSV
added 2016/09/02 1:59 a.m.3 views

CVE-2016-6483

The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote...

8.6CVSS5.8AI score0.11945EPSS
Exploits6References7
CVE
CVE
added 2016/09/02 1:0 a.m.108 views

CVE-2016-6483

The CVE-2016-6483 issue in vBulletin enables remote SSRF via the media-file upload feature, where a crafted URL can trigger a redirection HTTP response. Affected versions include 3.8.x up to 3.8.7 Patch Level 6, 3.8.8 up to Patch Level 2, 3.8.9 up to Patch Level 1, 4.x up to 4.2.2 Patch Level 6, ...

8.6CVSS8.2AI score0.11945EPSS
Exploits6References7Affected Software1
Packet Storm
Packet Storm
added 2010/05/12 12:0 a.m.39 views

Fast Free Media 1.3 Adult Site Shell Upload

======================================================================================== | Title : Fast Free Media V 1.3 Adult Site Upload Shell Exploiot | Author : indoushka | email : [email protected] | Home : www.iqs3cur1ty.com | Script : Powered by FastFreeMedia.com All Videos Copyright ©...

Exploits0
Rows per page
Query Builder