Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2025/10/29 12:11 a.m.13 views

CVE-2025-56399

alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution RCE through a crafted file upload. A file with a '.png extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side...

8.8CVSS7.6AI score0.0051EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/10/28 12:0 a.m.13 views

CVE-2025-56399

alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution RCE through a crafted file upload. A file with a '.png extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side...

0.0051EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/10/28 12:0 a.m.7 views

CVE-2025-56399

alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution RCE through a crafted file upload. A file with a '.png extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side...

7.2AI score0.0051EPSS
Exploits2References1
CVE
CVE
added 2025/10/28 12:0 a.m.41 views

CVE-2025-56399

CVE-2025-56399 affects alexusmai/laravel-file-manager 3.3.1 and earlier. An authenticated user can upload a PNG containing PHP code; the upload may bypass client-side validation and be saved on the server. By using the rename API to switch the extension to .php, the file can be accessed via a pub...

8.8CVSS7.2AI score0.0051EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/08/09 12:0 a.m.4 views

PT-2024-29450 · Unknown +1 · Productinfoquick +1

Name of the Vulnerable Software and Affected Versions: productinfoquick version 1.0 Description: The issue allows attackers to execute arbitrary code by uploading a crafted PNG file, exploiting an arbitrary file upload vulnerability in the Ueditor component. Recommendations: For version 1.0, upda...

9.8CVSS8.2AI score0.00965EPSS
Exploits0References2
OSV
OSV
added 2024/03/01 6:30 p.m.19 views

GHSA-W5MX-334J-6FWV Bagist Cross-site Scripting vulnerability

Bagisto is vulnerable to cross-site scripting XSS via png file upload vulnerability in product review option...

6.5CVSS6.1AI score0.00522EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2023/07/20 7:15 p.m.9 views

CVE-2023-37602

An arbitrary file upload vulnerability in the component /workplace!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

6.1CVSS6.7AI score0.00586EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/12/19 12:0 a.m.27 views

CVE-2022-41418

An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

7.4AI score0.01156EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.5 views

BlogEngine 路径遍历漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and more. BlogEngine v3.3.8.0 version of a security vulnerability , the vulnerability stems from its BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs component allows an attacker to upload...

7.2CVSS7.7AI score0.01156EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/12/19 12:0 a.m.7 views

CVE-2022-41418

An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

7.7AI score0.01156EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/05/11 12:0 a.m.3 views

PT-2021-3425 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier Magento versions 2.4.1-p1 and earlier Magento versions 2.3.6-p1 and earlier Description: The issue is related to insufficient input validation, which could allow a remote attacker to access confidential...

4CVSS4.2AI score0.01425EPSS
Exploits0References11
NVD
NVD
added 2018/02/21 8:29 p.m.21 views

CVE-2018-7302

Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS...

5.4CVSS5.5AI score0.00561EPSS
Exploits1References1
Rows per page
Query Builder