Lucene search
K

6 matches found

NVD
NVD
added 2026/06/19 6:16 p.m.13 views

CVE-2019-25758

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

8.8CVSS0.0067EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:35 p.m.4 views

CVE-2019-25758

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

8.8CVSS6.4AI score0.0067EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/19 5:35 p.m.20 views

CVE-2019-25758 Joomla! Component vBizz 1.0.7 Remote Code Execution

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

8.8CVSS0.0067EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 5:35 p.m.11 views

CVE-2019-25758

CVE-2019-25758 affects Joomla! component vBizz 1.0.7. The vulnerability is an unrestricted file upload in the profile_pic parameter, enabling authenticated attackers to upload arbitrary PHP files. By submitting malicious files via POST to the employee view endpoint, attackers can place PHP code i...

8.8CVSS6.4AI score0.0067EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.4 views

PHPGurukul Staff Leave Management System 代码注入漏洞

PHPGurukul Staff Leave Management System is an employee leave management system from PHPGurukul. A code injection vulnerability exists in version 1.0 of the PHPGurukul Staff Leave Management System, which stems from an incorrect manipulation of the parameter profilepic in the file...

4.8CVSS4.2AI score0.00238EPSS
Exploits1References6
OSV
OSV
added 2025/04/10 2:15 p.m.4 views

CVE-2025-29017

A Remote Code Execution RCE vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profilepic parameter within pagesviewclient.php...

8.8CVSS5.9AI score0.00749EPSS
Exploits2References1
Rows per page
Query Builder