CVE-2026-4201

A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to...

CVE-2026-2550

A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commitvpnclifileupload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was...

CVE-2022-50939

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality image.php where the uploadcaption parameter is n...

CVE-2025-14582

CVE-2025-14582 affects CampCodes Online Student Enrollment System v1.0. The vulnerability resides in the file /admin/index.php?page=user-profile, where manipulating the userphoto argument enables unrestricted file upload. Exploitation can be performed remotely and public exploits exist. Multiple ...

CVE-2025-13411

A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/adminfootball.php. Performing a manipulation of the argument productimage results in unrestricted upload. The attack is possible to be...

CVE-2025-11470

CVE-2025-11470 affects SourceCodester Hotel and Lodge Management System up to version 1.0. The vulnerability is in an unknown function of the file /manage_website.php , where manipulation of the argument website_image/back_login_image leads to an unrestricted file upload . It is possible to explo...

CVE-2025-9415

GreenCMS ≤ 2.3.0603 contains an unrestricted file upload vulnerability in index.php?m=admin&c=media&a=fileconnect via manipulation of the upload[] parameter. The issue allows remote exploitation and is linked to publicly available exploits. It affects products no longer maintained. Remediation: u...

CVE-2025-9406 xuhuisheng lemon CmsArticleController.java uploadImage unrestricted upload

A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be...

PT-2025-34036 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: Emlog Pro versions through 2.5.18 Description: A weakness has been identified that allows for unrestricted file upload. This issue affects the processing of the file /admin/media.php?action=upload&sid=0. Manipulation of the File argument can...

CVE-2024-3736

A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

CVE-2023-42017

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the...

CVE-2020-12840

ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php...

Yokogawa License Manager Service

1. EXECUTIVE SUMMARY CVSS v8.1 ATTENTION : Exploitable remotely Vendor : Yokogawa Equipment : License Manager Service Vulnerability : Unrestricted Upload of Files with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely upload files,...

GarageSales Remote Upload Vulnerability

No description provided by source. Exploit Title: GarageSales Remote Upload Vulnerability Date: 06/04/2010 Author: saidinh0 Software Link: N/A Version: 2004/2008 Tested on: Linux/unix CVE : if exists Code : N/A Email : [email protected] | Intorduction :| Hi everybody , This my first bug Remote Uplo...

CVE-2013-5539

The upload-dialog implementation in Cisco Identity Services Engine ISE allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511...

Simple Help Desk Remote Upload Vulnerability

Exploit for php platform in category web applications Author : L3b-r1'z Title : Simple Help Desk Remote Upload Vulnerability Email : email protected Site : Sec4Leb.Com Download : http://simplehelpdesk.com/helpdeskfinal.zip Dork : allintitle: "Help Desk - Log In" Upload Vuln + P0c : First Register...

SOOP Portal Raven 1.0b - Arbitrary File Upload

Exploit Title: SOOP Portal Raven 1.0b Remote Upload Shell Vulnerability Google Dork: "Powered by SOOP Portal Raven 1.0b" Date: 06-12-2010 Author: Sun Army Version: Raven 1.0b Tested on: Win 2003 Exploit 1.Register On Site 2.Shell Renamed to .asp.jpg shell.asp.jpg 3.Go This Page --...

SOOP Portal 2.0 Shell Upload

I N F O Exploit Title: SOOP Portal 2.0 Remote Upload Shell Vulnerability DDate: 05-12-2010 Author: Net.Edit0r Software Link: www.soopportal.com Version: 2.0 Tested on: windows server 2008 Contact: [email protected] [email protected] E X P L O I T 1. Register On Site 2...

Creavion CMS remote upload vulnerability-vulnerability warning-the black bar safety net

Creavion CMS program to use the Fckeditor editor, not the test page delete lead to remote file upload vulnerability. google : "powered by creavion cms" Upload vulnerability page: http://Target/path/admin/FCKeditor/editor/filemanager/browser/default/connectors/test.html...

Multi-Mirror - Arbitrary File Upload

======================================================================================== | Title : Multi-Mirror Remote Upload Vulnerability | Author : indoushka | email : [email protected] | Home : www.iqs3cur1ty.com | Web Site : http://www.p30vel.ir/ | Tested on: windows SP2 Français V.Pnx2...