CVE-2022-48006

An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php...

CVE-2022-45275

An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=savesettings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-43085

An arbitrary file upload vulnerability in addproduct.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-43083

An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-43061

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-24608

Luocms v2.0 is affected by Cross Site Scripting XSS in /admin/news/sortadd.php and /inc/function.php...

WordPress plugin Wilmër 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2025-22730 · Unknown +1 · Wpfable Fable Extra +1

Name of the Vulnerable Software and Affected Versions: WPFable Fable Extra versions 1.0.0 through 1.0.6 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...

CVE-2022-43234

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-41504

An arbitrary file upload vulnerability in the component /phpaction/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-40087

Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function fileputcontents. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-3912

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example...

CVE-2022-36582

An arbitrary file upload vulnerability in the component /phpaction/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-34971

An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-32420

College Management System v1.0 was discovered to contain a remote code execution RCE vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file...

CVE-2022-32433

itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/allteacher.php...

CVE-2022-31374

An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file...

CVE-2022-30037

XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php...

CVE-2022-29651

An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-29655

An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...