5 matches found
GHSA-WXJW-PHJ6-G75W AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload
Summary The ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An attacker can upload a polyglot file valid JPEG magic bytes followed by PHP cod...
Astra Linux – Vulnerability in ffmpeg
A flaw was discovered in FFmpeg’s HLS demuxer. This vulnerability allows bypassing checks for unsafe file extensions and triggering arbitrary demuxers using base64-encoded data URIs, along with specific file extensions...
DEBIAN-CVE-2023-6601
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...
CVE-2017-15285
X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is ...
CVE-2017-14482
Removed by vendor...