
83 matches found

NVD
added 2026/05/27 7:16 p.m. | 16 views

CVE-2026-42879

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

CVSS 6.3 | EPSS 0.00229
Exploits 0 | References 1

RedhatCVE
added 2025/12/29 7:0 a.m. | 12 views

CVE-2025-15110

A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is...

CVSS 7.2 | AI score 6.9 | EPSS 0.00344
Exploits 1 | References 1

EUVD
added 2025/12/27 9:30 p.m. | 5 views

EUVD-2025-205482

A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is...

CVSS 5.8 | AI score 6.5 | EPSS 0.00344
Exploits 1 | References 5

OSV
added 2025/12/27 8:15 p.m. | 4 views

CVE-2025-15110

A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is...

CVSS 7.2 | AI score 5.4 | EPSS 0.00344
Exploits 1 | References 5

NVD
added 2025/12/27 8:15 p.m. | 6 views

CVE-2025-15110

A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is...

CVSS 7.2 | EPSS 0.00344
Exploits 1 | References 5

CVE
added 2025/12/27 8:2 p.m. | 14 views

CVE-2025-15110

The CVE describes a flaw in jackq XCMS Backend where the Upload function in Admin/Home/Controller/ProductImageController.class.php mishandles the File argument, enabling unrestricted remote file uploads. Multiple sources confirm the affected component and argue that manipulating the File paramete...

CVSS 7.2 | AI score 6.7 | EPSS 0.00344
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2025/12/27 8:2 p.m. | 20 views

CVE-2025-15110 jackq XCMS Backend ProductImageController.class.php upload unrestricted upload

A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is...

CVSS 5.8 | EPSS 0.00344
Exploits 1 | References 5

Vulnrichment
added 2025/12/27 8:2 p.m. | 3 views

CVE-2025-15110 jackq XCMS Backend ProductImageController.class.php upload unrestricted upload

A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is...

CVSS 5.8 | AI score 6.7 | EPSS 0.00344
Exploits 1 | References 5

Positive Technologies
added 2025/12/27 12:0 a.m. | 8 views

PT-2025-53626

Name of the Vulnerable Software and Affected Versions: jackq XCMS versions prior to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Description: A flaw exists in jackq XCMS that allows for unrestricted file upload. The issue is located in the Upload function within the...

CVSS 5.8 | AI score 6.8 | EPSS 0.00344
Exploits 1 | References 10

CNNVD
added 2025/12/27 12:0 a.m. | 4 views

XCMS code issue vulnerability

XCMS is a CMS website builder system by JackQ Individual Developer. A code issue vulnerability exists in jackq XCMS, which stems from an incorrect manipulation of the parameter File in the file Admin/Home/Controller/ProductImageController.class.php, which could lead to unlimited uploads...

CVSS 7.2 | AI score 5 | EPSS 0.00344
Exploits 1 | References 5

RedhatCVE
added 2025/12/09 6:35 a.m. | 8 views

CVE-2025-14219

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/adminrunning.php. Executing a manipulation of the argument productimage can lead to unrestricted upload. It is possible to launch the attack remotely...

CVSS 7.2 | AI score 4.9 | EPSS 0.00286
Exploits 1 | References 1

OSV
added 2025/12/08 6:15 a.m. | 8 views

CVE-2025-14219

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/adminrunning.php. Executing a manipulation of the argument productimage can lead to unrestricted upload. It is possible to launch the attack remotely...

CVSS 7.2 | AI score 5.6 | EPSS 0.00286
Exploits 1 | References 5

CVE
added 2025/12/08 6:2 a.m. | 10 views

CVE-2025-14219

CVE-2025-14219 concerns Campcodes Retro Basketball Shoes Online Store 1.0. The weakness is in an unknown function of the file /admin/admin_running.php where manipulation of the argument product_image enables unrestricted file upload. This could allow remote attackers to upload arbitrary files, wi...

CVSS 7.2 | AI score 4.9 | EPSS 0.00286
Exploits 1 | References 5 | Affected Software 1

EUVD
added 2025/12/08 6:2 a.m. | 4 views

EUVD-2025-201667

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/adminrunning.php. Executing manipulation of the argument productimage can lead to unrestricted upload. It is possible to launch the attack remotely...

CVSS 5.8 | AI score 6.3 | EPSS 0.00286
Exploits 1 | References 7

CNNVD
added 2025/12/08 12:0 a.m. | 4 views

CampCodes Retro Basketball Shoes Online Store security vulnerability

CampCodes Retro Basketball Shoes Online Store is an online store for retro basketball shoes from CampCodes, Inc. A security vulnerability exists in Campcodes Retro Basketball Shoes Online Store version 1.0, which stems from incorrect manipulation of the parameter productimage in the file...

CVSS 7.2 | AI score 5 | EPSS 0.00286
Exploits 1 | References 5

RedhatCVE
added 2025/11/21 12:18 a.m. | 10 views

CVE-2025-13423

A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/adminproduct.php. Executing a manipulation of the argument productimage can lead to unrestricted upload. The attack may be launched remotely. The exploit has...

CVSS 7.2 | AI score 4.9 | EPSS 0.00297
Exploits 1 | References 1

RedhatCVE
added 2025/11/20 9:37 p.m. | 12 views

CVE-2025-13411

A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/adminfootball.php. Performing a manipulation of the argument productimage results in unrestricted upload. The attack is possible to be...

CVSS 9.8 | AI score 4.9 | EPSS 0.00311
Exploits 1 | References 1

OSV
added 2025/11/20 12:15 a.m. | 3 views

CVE-2025-13423

A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/adminproduct.php. Executing a manipulation of the argument productimage can lead to unrestricted upload. The attack may be launched remotely. The exploit has...

CVSS 7.2 | AI score 5.5 | EPSS 0.00297
Exploits 1 | References 5

CNNVD
added 2025/11/20 12:0 a.m. | 3 views

CampCodes Retro Basketball Shoes Online Store code issue vulnerability

CampCodes Retro Basketball Shoes Online Store is an online store for retro basketball shoes from CampCodes, Inc. A code issue vulnerability exists in CampCodes Retro Basketball Shoes Online Store version 1.0, which stems from incorrect manipulation of the parameter productimage in the file...

CVSS 7.2 | AI score 5.2 | EPSS 0.00297
Exploits 1 | References 6

Cvelist
added 2025/11/19 11:32 p.m. | 13 views

CVE-2025-13423 Campcodes Retro Basketball Shoes Online Store admin_product.php unrestricted upload

A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/adminproduct.php. Executing a manipulation of the argument productimage can lead to unrestricted upload. The attack may be launched remotely. The exploit has...

CVSS 5.8 | EPSS 0.00297
Exploits 1 | References 5