17 matches found
Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload filename Override
Summary: Tested on Form 9.0.3, released on April 28th. The Form plugin's file upload handler at user/plugins/form/classes/Form.php:583 accepts a POST-supplied filename parameter, $filename = $post['filename'] ?? $upload['file']['name'], that overrides the original uploaded filename. The override passes...
CVE-2026-33647
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An...
CVE-2026-33647
WWBN AVideo (versions up to 26.0) is affected by an RCE in ImageGallery::saveFile(), where MIME-type validation via finfo passes a polyglot file with a .php extension because the saved filename extension is derived from the user-provided name without an allowlist. An attacker can upload a file wit...
EUVD-2019-2889
Malware in sbrugna...
CVE-2025-58745
The CVE-2025-58745 entry concerns WeGIA, a Web manager for charitable institutions. Technical details from connected documents show an arbitrary file upload vulnerability where MIME-type validation for Excel files at /html/socio/sistema/controller/controla_xlsx.php can be bypassed by embedding Ex...
PT-2023-30910 · Unknown · Statamic Cms
Name of the Vulnerable Software and Affected Versions: Statamic CMS versions prior to 3.4.15 and 4.36.0. Description: The issue allows HTML files crafted to look like images to be uploaded, bypassing MIME validation. This is applicable on front-end forms using the "Forms" feature with an assets...
CVE-2019-11185
The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file...
Design/Logic Flaw
The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file...
ReVou Twitter Clone File Upload
--------------------------------------------------------- Portal Name: ReVou Twitter Clone Arbitrary File Upload Vulnerability Version: All version Vendor : http://www.revou.com/ Demo: http://www.revou.com/demo/ Author : S.W.A.T. , [email protected] Vulnerability : wWw.BaTLaGH.CoM...
ReVou Twitter Clone Arbitrary File Upload Vulnerability
No description provided by source. --------------------------------------------------------- Portal Name: ReVou Twitter Clone Arbitrary File Upload Vulnerability Version: All version Vendor : http://www.revou.com/ Demo: http://www.revou.com/demo/ Author : S.W.A.T. , [email protected] Vulnerabili...
ReVou Twitter Clone Arbitrary File Upload Vulnerability
Exploit for unknown platform in category web applications ======================================================= ReVou Twitter Clone Arbitrary File Upload Vulnerability ======================================================= --------------------------------------------------------- Portal Name:...
ReVou Twitter Clone - Arbitrary File Upload
--------------------------------------------------------- Portal Name: ReVou Twitter Clone Arbitrary File Upload Vulnerability Version: All version Vendor : http://www.revou.com/ Demo: http://www.revou.com/demo/ Author : S.W.A.T. , [email protected] Vulnerability : wWw.BaTLaGH.CoM...
Mini File Host 1.x Arbitrary PHP File Upload Vulnerability
No description provided by source. --------------------------------------------------------- Portal Name: Mini File Host Version: All version Vendor : http://www.galaxyscripts.com Dork: inurl:index.php?page=img Powered By Mini File Host Author : PouyaServer , [email protected] Vulnerability ...
Mini File Host 1.x Arbitrary PHP File Upload Vulnerability
Exploit for unknown platform in category web applications ========================================================== Mini File Host 1.x Arbitrary PHP File Upload Vulnerability ========================================================== --------------------------------------------------------- Port...
Mini File Host 1.x - Arbitrary .PHP File Upload
Mini File Host 1.x - Arbitrary .PHP File Upload --------------------------------------------------------- Portal Name: Mini File Host Version: All version Vendor : http://www.galaxyscripts.com Dork: inurl:index.php?page=img Powered By Mini File Host Author : PouyaServer , [email protected]...
Mini File Host 1.x - Arbitrary '.PHP' File Upload
--------------------------------------------------------- Portal Name: Mini File Host Version: All version Vendor : http://www.galaxyscripts.com Dork: inurl:index.php?page=img Powered By Mini File Host Author : PouyaServer , [email protected] Vulnerability : Uploader Bypass...