16 matches found

RedhatCVE
added 2026/02/24 10:42 p.m. · 3 views

CVE-2026-3026

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

CVSS 7.5 · AI score 5.2 · EPSS 0.00074
Exploits 1 · References 1

OSV
added 2026/02/23 9:19 p.m. · 1 view

CVE-2026-3026

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

CVSS 7.3 · AI score 5.4
Exploits 0 · References 4

CVE
added 2026/02/23 8:2 p.m. · 10 views

CVE-2026-3026

CVE-2026-3026 affects erzhongxmu JEEWMS 3.7. The issue targets the /plug-in/ueditor/jsp/getRemoteImage.jsp component of UEditor, where manipulating the upfile argument triggers a server-side request forgery (SSRF). Exploitation is remote and publicly disclosed; the vendor was contacted but did no...

CVSS 7.5 · AI score 7 · EPSS 0.00074
Exploits 1 · References 4 · Affected Software 1

CNNVD
added 2026/02/23 12:0 a.m. · 3 views

JeeWMS Code Issue Vulnerability

JeeWMS is a Java-based warehouse management system developed by JeeWMS Corporation in China. Version 3.7 of JeeWMS contains code vulnerabilities. These vulnerabilities stem from improper handling of the upfile parameter in the component UEditor’s file /plug-in/ueditor/jsp/getRemoteImage.jsp, which...

CVSS 7.5 · AI score 7.2 · EPSS 0.00074
Exploits 1 · References 4

Positive Technologies
added 2026/02/23 12:0 a.m. · 3 views

PT-2026-21557

Name of the Vulnerable Software and Affected Versions: erzhongxmu JEEWMS version 3.7 Description: A server-side request forgery issue exists due to the manipulation of the upfile argument in the /plug-in/ueditor/jsp/getRemoteImage.jsp file. This can be exploited remotely. The exploit has been...

CVSS 7.5 · AI score 7.1 · EPSS 0.00074
Exploits 1 · References 9

OSV
added 2024/09/27 9:15 p.m. · 0 views

CVE-2024-9291

A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the...

CVSS 5.4 · AI score 3.8
Exploits 0 · References 5

Positive Technologies
added 2024/09/27 12:0 a.m. · 1 view

PT-2024-39546 · Unknown · Kalvingit Kvf-Admin

Name of the Vulnerable Software and Affected Versions: kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff Description: A problematic vulnerability has been found in the XML File Handler component of kalvinGit kvf-admin. The issue affects an unknown function of the file...

CVSS 5.4 · AI score 4.3 · EPSS 0.00136
Exploits 1 · References 8

OSV
added 2024/08/12 11:15 p.m. · 0 views

CVE-2024-7705

A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argument upfile leads to unrestricted upload. The...

CVSS 5.3 · AI score 5.5
Exploits 0 · References 4

CNNVD
added 2024/08/12 12:0 a.m. · 2 views

MWCMS Code Issue Vulnerability

MWCMS is a content management system of China's CodeWing Network Technology Company. A code issue exists in MWCMS version 1.0.0, which is caused by an unrestricted file upload vulnerability in the upfile parameter of the /uploadfile.html page...

CVSS 5.8 · AI score 5.3 · EPSS 0.00084
Exploits 1 · References 5

Positive Technologies
added 2024/08/12 12:0 a.m. · 2 views

PT-2024-38526 · Unknown · Fujian Mwcms

Name of the Vulnerable Software and Affected Versions: Fujian mwcms version 1.0.0 Description: A critical issue affects the uploadimage function of the file /uploadfile.html. The manipulation of the upfile argument leads to unrestricted upload. This issue can be exploited remotely. The exploit ha...

CVSS 5.8 · AI score 7.1 · EPSS 0.00084
Exploits 1 · References 8

OSV
added 2024/08/01 5:15 a.m. · 0 views

CVE-2024-7342

A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the atta...

CVSS 6.1 · AI score 4.8
Exploits 0 · References 4

CNNVD
added 2024/08/01 12:0 a.m. · 2 views

Baidu UEditor Code Issue Vulnerability

Baidu UEditor is a WYSIWYG rich text web editor from the Chinese company Baidu. A code issue vulnerability exists in Baidu UEditor version 1.4.3.3, which stems from the operation of the parameter upfile that can lead to unrestricted uploads...

CVSS 6.1 · AI score 5 · EPSS 0.00085
Exploits 1 · References 5

CNNVD
added 2022/12/03 12:0 a.m. · 2 views

FeMiner wms Code Issue Vulnerability

FeMiner wms is a repository management system for individual developers of the Chinese front-end miner FeMiner. A security vulnerability exists in FeMiner wms, which stems from some unknown functionality in the file /product/savenewproduct.php?flag=1, where the operation of the parameter upfile...

CVSS 9.8 · AI score 8.3 · EPSS 0.00354
Exploits 1 · References 4

OSV
added 2018/12/28 4:29 p.m. · 1 view

CVE-2018-20528

JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 2

OSV
added 2018/04/10 3:29 p.m. · 9 views

CVE-2017-14323

SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter...

CVSS 9.8 · AI score 7.7
Exploits 0 · References 1

CNVD
added 2017/04/20 12:0 a.m. · 1 view

SSRF Vulnerability in Jspxcms Enterprise Open Source Web Content Management System

jspxcms is an open source, Java-based content management system (CMS). An SSRF vulnerability exists in the source and upfile parameters of the classes\com\jspxcms\core\web\fore\UploadController.java file in Jspxcms, which allows an attacker to initiate a request to an intranet host to obtain the...

AI score 6.6
Exploits 0