
26 matches found

RedhatCVE
added 2026/04/07 5:7 p.m. | 4 views

CVE-2026-5670

A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function move_uploaded_file of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the argument File results in unrestricted upload. Th...

CVSS 6.5 | AI score 5.5 | EPSS 0.00046
Exploits 0 | References 1

Vulnrichment
added 2026/04/06 4:45 p.m. | 3 views

CVE-2026-5670 Cyber-III Student-Management-System upload.php move_uploaded_file unrestricted upload

A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function move_uploaded_file of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the argument File results in unrestricted upload. Th...

CVSS 6.5 | AI score 5.5 | EPSS 0.00046
Exploits 0 | References 5

RedhatCVE
added 2025/10/08 3:17 a.m. | 5 views

CVE-2025-11347

A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated...

CVSS 7.5 | AI score 7.2 | EPSS 0.00083
Exploits 1 | References 1

Vulnrichment
added 2025/10/07 2:48 a.m. | 4 views

CVE-2025-11347 code-projects Student Crud Operation Add Student Page/Edit Student add.php move_uploaded_file unrestricted upload

A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated...

CVSS 7.5 | AI score 6.5 | EPSS 0.00083
Exploits 1 | References 5

CVE
added 2025/10/07 2:48 a.m. | 10 views

CVE-2025-11347

CVE-2025-11347 affects code-projects Student Crud Operation up to 3.3, where the function move_uploaded_file in add.php allows unrestricted file upload. The vulnerability can be triggered remotely and the exploit has been publicized. Affected versions are stated as up to 3.3; sources suggest that...

CVSS 9.8 | AI score 7.2 | EPSS 0.00083
Exploits 1 | References 5 | Affected Software 1

Tenable Nessus
added 2023/09/07 12:0 a.m. | 42 views

Oracle Linux 6 / 7 : php54 (ELSA-2015-1066)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1066 advisory. - fix use after free CVE-2015-1351 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...

CVSS 10 | AI score 7.2 | EPSS 0.8832
Exploits 43 | References 29

NVD
added 2021/10/27 1:15 a.m. | 9 views

CVE-2021-26610

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code...

CVSS 8.8 | EPSS 0.00157
Exploits 0 | References 1

Prion
added 2021/10/27 1:15 a.m. | 8 views

Design/Logic Flaw

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code...

CVSS 6.5 | AI score 8.8 | EPSS 0.00157
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2021/10/27 12:45 a.m. | 11 views

CVE-2021-26610 godomall5 remote code execution vulnerability

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code...

CVSS 7.2 | AI score 9 | EPSS 0.00157
Exploits 0 | References 1

NVD
added 2021/08/12 3:15 p.m. | 16 views

CVE-2020-20979

An arbitrary file upload vulnerability in the move_uploaded_file function of LJCMS v4.3 allows attackers to execute arbitrary code...

CVSS 9.8 | EPSS 0.00853
Exploits 1 | References 1

Debian CVE
added 2019/05/29 4:26 p.m. | 26 views

CVE-2019-9858

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...

CVSS 8.8 | AI score 9 | EPSS 0.79838
Exploits 3

Veracode
added 2019/05/02 5:39 a.m. | 48 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...

CVSS 7.5 | AI score 9.2 | EPSS 0.8832
Exploits 32 | References 52 | Affected Software 6

Veracode
added 2019/05/02 5:39 a.m. | 45 views

Out-Of-Bounds Read

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...

CVSS 7.5 | AI score 9.2 | EPSS 0.8832
Exploits 32 | References 22 | Affected Software 5

Tenable Nessus
added 2019/01/09 12:0 a.m. | 65 views

PHP 5.6.x < 5.6.7 Multiple Vulnerabilities

According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.7. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists related to function 'unserialize', which can allow a remote attacker to execute arbitrary code. Note that this...

CVSS 7.5 | AI score 9.4 | EPSS 0.8832
Exploits 21 | References 10

RedHat Linux
added 2015/06/04 8:6 a.m. | 1 views

php: move_uploaded_file() NUL byte injection in file name

It was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 5 | AI score 6.7 | EPSS 0.05553
Exploits 2 | References 4

RedHat Linux
added 2015/06/04 8:6 a.m. | 68 views

Moderate: Red Hat Security Advisory: php55 security and bug fix update

Updated php55 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CVSS 10 | AI score 7.2 | EPSS 0.8832
Exploits 34 | References 18

myhack58
added 2015/04/06 12:0 a.m. | 416 views

PHP arbitrary file upload Vulnerability, CVE-2015-2348 analysis and use-vulnerability and early warning-the black bar safety net

Today, security researchers released a medium-risk vulnerabilities--PHP arbitrary file upload Vulnerability, CVE-2015-2348 in. Typically, the php developer will be the file name suffix, file type (Content-Type), Mime type, file size, etc. to be checked to limit the malicious php script is...

AI score 7.4
Exploits 0

myhack58
added 2015/04/04 12:0 a.m. | 26 views

PHP arbitrary file upload Vulnerability, CVE-2015-2348 analysis-vulnerability warning-the black bar safety net

Last night security news broke of a “PHP arbitrary file upload Vulnerability”, CVE number: CVE-2015-2348 in. At the time landlord is ready to pack up and go home, see this news my heart a surprised: the lost rivers and lakes for many years the 0 character truncation upload vulnerability and...

AI score 7.7
Exploits 0

Cvelist
added 2015/03/30 10:0 a.m. | 44 views

CVE-2015-2348

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected...

AI score 8.1 | EPSS 0.05553
Exploits 2 | References 18

OSV
added 2015/03/30 12:0 a.m. | 0 views

UBUNTU-CVE-2015-2348

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected...

CVSS 5 | AI score 6.8 | EPSS 0.05553
Exploits 2 | References 4