2595 matches found
Design/Logic Flaw
An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file...
CVE-2022-29347
An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file...
CVE-2022-28524
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php...
CVE-2022-28093
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-28053
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-28440
An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.6 - PHP File Upload vulnerability
PHP File Upload vulnerability discovered by Gabriel3476 in WordPress VikBooking Hotel Booking Engine & PMS plugin versions <= 1.5.6. Solution: Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version, at least 1.5.8...
VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ PHP File Upload
The plugin does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code. Edit/add a Characteristics /wp-admin/admin.php?option=comvikbooking&task=carat and upload a fake GIF with PHP code in it as ...
Advanced Uploader <= 4.2 - Subscriber+ Arbitrary File Upload
The plugin allows any authenticated user, such as a subscriber, to upload arbitrary files, such as PHP, which could lead to RCE. As any authenticated user, upload a PHP file via /wp-admin/upload.php?page=adv-file-upload. The file will be at https://example.com/wp-content/uploads/2022/03/.php...
CVE-2022-27257
A PHP Local File Inclusion vulnerability in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter...
PT-2022-18334 · Hubzilla · Hubzilla
Name of the Vulnerable Software and Affected Versions: Hubzilla versions prior to 7.2. Description: A PHP Local File Inclusion issue in the default Redbasic theme allows remote attackers to include arbitrary php files via the schema parameter. Recommendations: For versions prior to 7.2, update to...
CVE-2022-27256
A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter...
Arbitrary File Upload
express-fileupload is vulnerable to arbitrary file upload. It does not restrict an attacker from uploading a malicious PHP file to execute arbitrary code...
CVE-2022-27140
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...
Design/Logic Flaw
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...
PT-2022-18246 · Unknown · Express-Fileupload
Name of the Vulnerable Software and Affected Versions: express-fileupload version 1.3.1. Description: An arbitrary file upload vulnerability in the file upload module of express-fileupload allows attackers to execute arbitrary code via a crafted PHP file. The vendor's position is that the observed...