2595 matches found
CVE-2022-27140
CVE-2022-27140 affects the express-fileupload module (version 1.3.1). The vulnerability arises from improper validation in the file upload mechanism, allowing an attacker to upload a crafted PHP file and potentially execute arbitrary code. Vendor notes this behavior can occur only with intentiona...
CVE-2022-27129
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27129
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27131
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27131
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27131
CVE-2022-27131 affects zbzcms v1.0, with an arbitrary file upload vulnerability at /zbzedit/php/zbz.php that allows code execution via a crafted PHP file. Connected records from NVD/Red Hat/CNVD/CVE list confirm the vulnerability details across multiple sources; exploitation status and official r...
CVE-2021-46367
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default...
CVE-2021-46367
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default...
Remote code execution
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default...
CVE-2021-46367
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default...
CVE-2021-46367
Summary (CVE-2021-46367): RiteCMS 3.1.0 and earlier contains a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htaccess configuration to execute PHP files in the media/files directories, leading to remote code execution. Root...
CVE-2022-27357
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customerregister.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27357
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customerregister.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27061
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27349
Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /publichtml/applyvacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploadedsongs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27352
Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...