3 matches found
SolidInvoice 跨站脚本漏洞
SolidInvoice is an open-source invoice processing application developed by SolidInvoice. Versions of SolidInvoice prior to 2.3.17 contained a cross-site scripting vulnerability. This vulnerability stemmed from the company logo upload feature not verifying file types. As a result, authenticated...
CVE-2020-18462
File Upload vulnerabilty in AikCms v2.0.0 in posteredit.php because the background file management office does not verify the uploaded file...
CVE-2018-14028
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...