Lucene search
+L

24 matches found

osv
osv
added 2026/02/23 9:19 p.m.5 views

CVE-2026-3026

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

7.3CVSS5.4AI score0.00351EPSS
Exploits1References4
cnnvd
cnnvd
added 2026/02/23 12:0 a.m.9 views

JeeWMS 代码注入漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. Versions of JeeWMS 3.7 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the parameter ‘myEditor’ in the file...

6.1CVSS5.7AI score0.00289EPSS
Exploits1References4
redhatcve
redhatcve
added 2025/05/23 8:49 a.m.9 views

CVE-2024-41577

An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

9.8CVSS7.8AI score0.00965EPSS
Exploits0References1
snyk
snyk
added 2025/04/21 3:31 p.m.4 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the ueditor component in the article management module. An attacker can execute arbitrary code by uploading a malicious XML file. Remediation Upgrade net.mingsoft:ms-mcms to version 5.5.0 or higher. References ...

9.8CVSS7.6AI score0.00675EPSS
Exploits1References2
osv
osv
added 2025/04/21 3:31 p.m.10 views

GHSA-3922-2R6R-R4FV MCMS allows arbitrary file uploads in the ueditor component

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...

9.8CVSS7.7AI score0.00675EPSS
Exploits1References5
github
github
added 2025/04/21 3:31 p.m.24 views

MCMS allows arbitrary file uploads in the ueditor component

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...

9.8CVSS7.7AI score0.00675EPSS
Exploits1References5Affected Software1
osv
osv
added 2025/04/21 3:15 p.m.8 views

CVE-2025-29287

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...

9.8CVSS6.1AI score0.00675EPSS
Exploits1References3
nvd
nvd
added 2025/04/21 3:15 p.m.13 views

CVE-2025-29287

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...

9.8CVSS0.00675EPSS
Exploits1References2
cve
cve
added 2025/04/21 12:0 a.m.99 views

CVE-2025-29287

CVE-2025-29287 affects MCMS v5.4.3 via the ueditor component, enabling arbitrary code execution through crafted file uploads. The vulnerability is known across multiple advisories (Red Hat, GHSA, OSV, NVD, Snyk, etc.), with CVSS v3.1 base score 9.8 (CRITICAL). Public references describe an arbitr...

9.8CVSS7.8AI score0.00675EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2025/04/21 12:0 a.m.7 views

CVE-2025-29287

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...

9.6AI score0.00675EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2025/04/21 12:0 a.m.8 views

PT-2025-17439

Name of the Vulnerable Software and Affected Versions MCMS version 5.4.3 Description An arbitrary file upload vulnerability in the ueditor component of MCMS allows attackers to execute arbitrary code via uploading a crafted file. Recommendations For MCMS version 5.4.3, consider disabling the...

9.8CVSS6.3AI score0.00675EPSS
Exploits1References19
cnnvd
cnnvd
added 2025/04/21 12:0 a.m.6 views

MingSoft MCMS 安全漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingFei MingSoft. A security vulnerability exists in MingSoft MCMS version v5.4.3, which stems from the ueditor component allowing the upload of specially crafted files, which could lead to the execution of arbitrary code...

9.8CVSS6.8AI score0.00675EPSS
Exploits1References3
nvd
nvd
added 2024/08/12 1:38 p.m.9 views

CVE-2024-41577

An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

9.8CVSS0.00965EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/08/09 12:0 a.m.9 views

CVE-2024-41577

An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

7.8AI score0.00965EPSS
Exploits0References1
cvelist
cvelist
added 2024/08/09 12:0 a.m.14 views

CVE-2024-41577

An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

0.00965EPSS
Exploits0References1
nvd
nvd
added 2023/09/15 5:15 p.m.23 views

CVE-2023-42398

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

9.8CVSS9.6AI score0.01316EPSS
Exploits1References1
osv
osv
added 2023/09/15 5:15 p.m.5 views

CVE-2023-42398

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

9.8CVSS6.1AI score0.01316EPSS
Exploits1References1
attackerkb
attackerkb
added 2023/09/15 5:15 p.m.4 views

CVE-2023-42398

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

9.8CVSS7.7AI score0.01316EPSS
Exploits1References2
prion
prion
added 2023/09/15 5:15 p.m.21 views

Code injection

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

7.5CVSS9.4AI score0.01316EPSS
Exploits1References1Affected Software1
cve
cve
added 2023/09/15 12:0 a.m.97 views

CVE-2023-42398

The CVE-2023-42398 issue affects zzCMS v.2023, where an attacker can remotely execute arbitrary code and disclose sensitive data through the ueditor component in controller.php. The vulnerability is associated with zzCMS 2023 and involves the ueditor integration in controller.php, enabling code e...

9.8CVSS9.4AI score0.01316EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder