Lucene search
+L

6 matches found

veracode
veracode
added 2023/12/28 10:49 a.m.24 views

Arbitrary File Upload

dilab/resumable.php is vulnerable to Arbitrary File Upload. The vulnerability arises due to a lack of file upload path validation within Resumable.php. An attacker can arbitrarily upload any non existing file on the filesystem...

8.1CVSS6.8AI score0.00712EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2023/12/26 6:15 p.m.19 views

CVE-2023-52086

resumable.php aka PHP backend for resumable.js 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. File overwrite hasn't been possible with the code available in GitHub in recent years, however...

8.1CVSS0.00712EPSS
Exploits0References5
prion
prion
added 2023/12/26 6:15 p.m.14 views

Design/Logic Flaw

resumable.php aka PHP backend for resumable.js 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. File overwrite hasn't been possible with the code available in GitHub in recent years, however...

5.1CVSS7.5AI score0.00712EPSS
Exploits0References5Affected Software1
cve
cve
added 2023/12/26 12:0 a.m.38 views

CVE-2023-52086

Resumable.php (PHP backend for resumable.js) vulnerable to Arbitrary File Upload. Versions 0.1.4 through 3c6dbf5 allow uploading arbitrary files anywhere on the filesystem via ../ in multipart/form-data to upload.php. The risk is enabling attackers to place files outside the intended directory; f...

8.1CVSS8.2AI score0.00712EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2023/12/26 12:0 a.m.30 views

CVE-2023-52086

resumable.php aka PHP backend for resumable.js 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. File overwrite hasn't been possible with the code available in GitHub in recent years, however...

8.5AI score0.00712EPSS
Exploits0References5
osv
osv
added 2023/12/26 12:0 a.m.28 views

CVE-2023-52086

resumable.php aka PHP backend for resumable.js 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. File overwrite hasn't been possible with the code available in GitHub in recent years, however...

8.1CVSS7.5AI score0.00712EPSS
Exploits0References7
Rows per page
Query Builder