12 matches found
CVE-2025-56399
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution RCE through a crafted file upload. A file with a '.png extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side...
CVE-2025-56399
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution RCE through a crafted file upload. A file with a '.png extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side...
CVE-2025-56399
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution RCE through a crafted file upload. A file with a '.png extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side...
CVE-2025-56399
CVE-2025-56399 affects alexusmai/laravel-file-manager 3.3.1 and earlier. An authenticated user can upload a PNG containing PHP code; the upload may bypass client-side validation and be saved on the server. By using the rename API to switch the extension to .php, the file can be accessed via a pub...
PT-2024-29450 · Unknown +1 · Productinfoquick +1
Name of the Vulnerable Software and Affected Versions: productinfoquick version 1.0 Description: The issue allows attackers to execute arbitrary code by uploading a crafted PNG file, exploiting an arbitrary file upload vulnerability in the Ueditor component. Recommendations: For version 1.0, upda...
GHSA-W5MX-334J-6FWV Bagist Cross-site Scripting vulnerability
Bagisto is vulnerable to cross-site scripting XSS via png file upload vulnerability in product review option...
CVE-2023-37602
An arbitrary file upload vulnerability in the component /workplace!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
CVE-2022-41418
An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
BlogEngine 路径遍历漏洞
BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and more. BlogEngine v3.3.8.0 version of a security vulnerability , the vulnerability stems from its BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs component allows an attacker to upload...
CVE-2022-41418
An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
PT-2021-3425 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier Magento versions 2.4.1-p1 and earlier Magento versions 2.3.6-p1 and earlier Description: The issue is related to insufficient input validation, which could allow a remote attacker to access confidential...
CVE-2018-7302
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS...