Lucene search

12 matches found

EUVD
added 2025/11/18 6:30 a.m. · 2 views

EUVD-2025-197911

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

8.1 CVSS · 7.2 AI score · 0.0023 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-58518

Malicious code in bioql PyPI...

9.8 CVSS · 7 AI score · 0.00035 EPSS
Exploits 1 · References 4

RedhatCVE
added 2025/05/23 5:29 a.m. · 3 views

CVE-2023-6274

A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument fileupload leads to unrestricted...

9.8 CVSS · 6.9 AI score · 0.00035 EPSS
Exploits 1 · References 1

OSV
added 2023/11/24 2:15 p.m. · 1 views

CVE-2023-6274

A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument fileupload leads to unrestricted...

9.8 CVSS · 5.3 AI score
Exploits 0 · References 4

Prion
added 2023/11/24 2:15 p.m. · 8 views

Out-of-bounds

A vulnerability was found in Beijing Baichuo Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument fileupload leads to...

6.5 CVSS · 7.1 AI score · 0.00035 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2023/11/24 2:0 p.m. · 17 views

CVE-2023-6274 Byzoro Smart S80 PHP File updatelib.php unrestricted upload

A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument fileupload leads to unrestricted...

6.5 CVSS · 9.7 AI score · 0.00035 EPSS
Exploits 1 · References 4

CVE
added 2023/11/24 2:0 p.m. · 53 views

CVE-2023-6274

Byzoro Smart S80 up to 20231108 has a vulnerability in /sysmanage/updatelib.php (PHP File Handler) where the file_upload parameter can be manipulated to achieve unrestricted uploads. The vulnerability is exploitable remotely and the exploit has been publicly disclosed (VDB-246103). Connected advi...

9.8 CVSS · 8.1 AI score · 0.00035 EPSS
Exploits 1 · References 4 · Affected Software 1

NVD
added 2023/02/11 6:15 p.m. · 13 views

CVE-2023-0783

A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...

9.8 CVSS · 6 AI score · 0.0052 EPSS
Exploits 1 · References 3

Prion
added 2023/02/11 6:15 p.m. · 14 views

Design/Logic Flaw

A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...

5.8 CVSS · 9.5 AI score · 0.0052 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2023/02/11 5:4 p.m. · 12 views

CVE-2023-0783 EcShop PHP File template.php unrestricted upload

A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...

5.8 CVSS · 9.8 AI score · 0.0052 EPSS
Exploits 1 · References 3

CVE
added 2023/02/11 5:4 p.m. · 53 views

CVE-2023-0783

Summary (CVE-2023-0783): EcShop 4.1.5 is affected by a vulnerability in the PHP File Handler, specifically the /ecshop/admin/template.php file, enabling unrestricted upload. Remote initiation is possible; the vulnerability is publicly disclosed (VDB-220641) and reported across multiple feeds (NVD...

9.8 CVSS · 7.2 AI score · 0.0052 EPSS
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2023/02/11 12:0 a.m. · 2 views

PT-2023-16524 · Ecshop · Ecshop

Name of the Vulnerable Software and Affected Versions: EcShop version 4.1.5 Description: A critical issue affects the PHP File Handler component, specifically the /ecshop/admin/template.php file, leading to unrestricted upload. The attack can be initiated remotely. Recommendations: For EcShop...

9.8 CVSS · 5.3 AI score · 0.0052 EPSS
Exploits 1 · References 8