Lucene search
+L

5 matches found

Snyk
Snyk
added 2026/06/11 5:16 p.m.4 views

Arbitrary File Upload

Overview codeigniter4/framework is a PHP full-stack web framework that is light, fast, flexible, and secure. Affected versions of this package are vulnerable to Arbitrary File Upload in the extin validation process for file uploads. An attacker can execute arbitrary code by uploading a file with ...

9.8CVSS6.3AI score0.00444EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/11 5:16 p.m.14 views

CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule

Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...

9.8CVSS6.1AI score0.00444EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.25 views

PT-2026-48810

Name of the Vulnerable Software and Affected Versions CodeIgniter versions prior to 4.7.3 Description The ext in upload validation rule incorrectly checks the MIME-derived guessed extension instead of the extension provided in the client filename. This allows a file with an executable extension,...

9.8CVSS6.2AI score0.00444EPSS
Exploits0References16
Cvelist
Cvelist
added 2025/12/12 6:32 a.m.45 views

CVE-2025-12655 Hippoo Mobile App for WooCommerce <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint /wp-json/hippoo/v1/wc/token/savecallback/tokenid being registered with...

5.3CVSS0.00244EPSS
Exploits0References4
CNVD
CNVD
added 2015/08/03 12:0 a.m.3 views

File Upload Vulnerability in Wando OA System

Wando Ezoffice system is a set of jsp-based oa system , the system is based on J2EE architecture technology of three-tier architecture , completely B / S architecture , widely used in various industries . Wando Ezoffice collaborative office platform there is a file upload vulnerability in...

7.1AI score
Exploits0
Rows per page
Query Builder