856 matches found

RedhatCVE
Added 2025/05/23 1:19 a.m. (8 views)

CVE-2022-3076

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting any extension via the plugin's settings, which could be used by admins of a multisite blog to upload PHP files for example...

CVSS 7.2 | AI score 6.8 | EPSS 0.01054
Exploits: 2 | References: 1

RedhatCVE
Added 2025/05/23 12:46 a.m. (6 views)

CVE-2022-4328

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...

CVSS 9.8 | AI score 7.1 | EPSS 0.04427
Exploits: 2 | References: 1

RedhatCVE
Added 2025/05/22 11:50 p.m. (5 views)

CVE-2022-43277

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/phpaction/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 7.2 | AI score 8.3 | EPSS 0.0095
Exploits: 1 | References: 1

RedhatCVE
Added 2025/05/22 11:32 p.m. (3 views)

CVE-2022-1939

The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to...

CVSS 7.2 | AI score 6.9 | EPSS 0.01403
Exploits: 1 | References: 1

RedhatCVE
Added 2025/05/22 10:49 p.m. (8 views)

CVE-2022-30529

File upload vulnerability in asith-eranga ISIC tour booking through the version published on Feb 13th 2018 allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php...

CVSS 7.2 | AI score 7.1 | EPSS 0.00953
Exploits: 1 | References: 1

RedhatCVE
Added 2025/05/22 9:37 p.m. (7 views)

CVE-2021-25780

An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by a remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell...

CVSS 7.2 | AI score 7.5 | EPSS 0.02469
Exploits: 1 | References: 1

RedhatCVE
Added 2025/05/22 9:13 p.m. (8 views)

CVE-2021-36454

Cross-Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...

CVSS 5.4 | AI score 6 | EPSS 0.00552
Exploits: 1 | References: 1

RedhatCVE
Added 2025/05/22 9:04 p.m. (5 views)

CVE-2021-24721

The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations...

CVSS 6.5 | AI score 6.7 | EPSS 0.0091
Exploits: 2 | References: 1

RedhatCVE
Added 2025/05/22 7:24 p.m. (8 views)

CVE-2021-25003

The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE...

CVSS 9.8 | AI score 6.9 | EPSS 0.56148
Exploits: 3 | References: 1

RedhatCVE
Added 2025/05/22 5:54 p.m. (5 views)

CVE-2020-25735

webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/addannouncement.php, administration/departments.php, administration/locations.php, expenses/claimtype.php, projects/editproject.php, and general/newnotifications.php...

CVSS 6.1 | AI score 6.1 | EPSS 0.01407
Exploits: 0

RedhatCVE
Added 2025/05/22 3:56 p.m. (6 views)

CVE-2020-23973

KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter...

CVSS 9.8 | AI score 8.3 | EPSS 0.01563
Exploits: 1

RedhatCVE
Added 2025/05/22 1:50 p.m. (10 views)

CVE-2014-5107

concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to 1 system/basics/editor.php, 2 system/view.php, 3 system/environment/filestoragelocations.php, 4 system/mail/importers.php, 5 system/mail/method.php, 6 system/permissions/filetypes.php, 7...

CVSS 5 | AI score 6.9 | EPSS 0.0296
Exploits: 0 | References: 1

RedhatCVE
Added 2025/05/22 12:29 p.m. (8 views)

CVE-2010-4608

Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to 1 header.php and 2 commentsitems.php in system/admin/, which reveals the installation path in an error message...

CVSS 5 | AI score 6.4 | EPSS 0.02492
Exploits: 1 | References: 1

RedhatCVE
Added 2025/05/22 12:16 p.m. (5 views)

CVE-2012-1645

The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php...

CVSS 2.6 | AI score 7.2 | EPSS 0.014
Exploits: 0 | References: 1

RedhatCVE
Added 2025/05/22 9:59 a.m. (8 views)

CVE-2011-3709

b2evolution 3.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by locales/ruRU/ru-RU.locale.php and certain other files...

CVSS 5 | AI score 6.5 | EPSS 0.01343
Exploits: 1 | References: 1

RedhatCVE
Added 2025/05/22 7:42 a.m. (6 views)

CVE-2019-12530

Incorrect access control was discovered in the stdonato Dashboard plugin through 0.9.7 for GLPI, affecting df.php, issue.php, load.php, mem.php, traf.php, and uptime.php in front/sh...

CVSS 9.8 | AI score 7 | EPSS 0.01514
Exploits: 0 | References: 1

RedhatCVE
Added 2025/05/22 5:11 a.m. (7 views)

CVE-2011-3793

Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other files...

CVSS 5 | AI score 6.5 | EPSS 0.01967
Exploits: 0 | References: 1

RedhatCVE
Added 2025/05/22 4:37 a.m. (7 views)

CVE-2019-17490

app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge aka jnoj 0.8.0 allows arbitrary file upload, as demonstrated by PHP code with a .php filename but the image/png content type to the web/polygon/problem/tests URI...

CVSS 8.8 | AI score 7.2 | EPSS 0.01494
Exploits: 1 | References: 1

RedhatCVE
Added 2025/05/22 4:27 a.m. (10 views)

CVE-2011-3703

AneCMS 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/menu/index.php and certain other files...

CVSS 5 | AI score 6.5 | EPSS 0.01335
Exploits: 1 | References: 1

RedhatCVE
Added 2025/05/22 3:47 a.m. (5 views)

CVE-2013-1468

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors...

CVSS 7.6 | AI score 7.6 | EPSS 0.05726
Exploits: 10 | References: 1
