5 matches found
Arbitrary File Upload
Overview codeigniter4/framework is a PHP full-stack web framework that is light, fast, flexible, and secure. Affected versions of this package are vulnerable to Arbitrary File Upload in the extin validation process for file uploads. An attacker can execute arbitrary code by uploading a file with ...
CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule
Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...
PT-2026-48810
Name of the Vulnerable Software and Affected Versions CodeIgniter versions prior to 4.7.3 Description The ext in upload validation rule incorrectly checks the MIME-derived guessed extension instead of the extension provided in the client filename. This allows a file with an executable extension,...
CVE-2025-12655 Hippoo Mobile App for WooCommerce <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint /wp-json/hippoo/v1/wc/token/savecallback/tokenid being registered with...
File Upload Vulnerability in Wando OA System
Wando Ezoffice system is a set of jsp-based oa system , the system is based on J2EE architecture technology of three-tier architecture , completely B / S architecture , widely used in various industries . Wando Ezoffice collaborative office platform there is a file upload vulnerability in...