5 matches found
UBUNTU-CVE-2025-8177
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It...
Arbitrary File Upload
concrete5/concrete5 is vulnerable to Arbitrary File Upload. The vulnerability exists due to the lack of sanitization in the Thumbnail file upload section, which allows an attacker to upload maliciously crafted PDF, SVG, or HTML files, potentially leading to Cross-Site Scripting XSS attacks...
GHSA-WRP2-6V6J-HFMG ConcreteCMS vulnerable to Stored Cross-site Scripting
Concrete CMS v9.2.1 is affected by Arbitrary File Upload vulnerability via the Thumbnail file upload, which allows Cross-Site Scripting XSS...
CVE-2023-44763
Summary: Concrete CMS v9.2.1 is affected by an arbitrary file upload vulnerability via the Thumbnail upload, enabling Cross-Site Scripting (XSS). The issue stems from insufficient validation/sanitization of uploaded files, allowing malicious content to be stored/executed. Several connected source...
UBUNTU-CVE-2018-20148
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wpgetattachmentthumbfile function in wp-includes/post.php...