Lucene search
K

7 matches found

CNNVD
CNNVD
added 2026/03/27 12:0 a.m.14 views

Bludit 代码问题漏洞

Bludit is an open-source, lightweight blog content management system developed by Bludit. Bludit has code vulnerabilities that allow authenticated attackers to upload any type of file, potentially leading to remote code execution...

8.8CVSS6.1AI score0.01919EPSS
Exploits4References3
OSV
OSV
added 2026/03/17 11:51 p.m.5 views

CVE-2026-27895 LAM has incorrect regular expression in PDF export component that allows user to upload files of any type

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...

4.3CVSS6.4AI score0.00419EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.4 views

PT-2025-39964

Name of the Vulnerable Software and Affected Versions PAD CMS affected versions not specified Description The software’s photo upload functionality allows a remote attacker to upload files of any type and extension without restriction due to a client-controlled permission check parameter. This ca...

10CVSS6.9AI score0.00583EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/12/18 12:0 a.m.6 views

Tangro Business Workflow 代码问题漏洞

Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A code issue vulnerability exists in tangro Business Workflow versions prior to 1.18.1, which stems from requesting a list of...

8.8CVSS7.4AI score0.01234EPSS
Exploits1References3
OSV
OSV
added 2020/09/09 1:15 p.m.5 views

CVE-2020-6288

SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface allows an attacker with edit document rights to upload any file including script files without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker c...

5.3CVSS6.1AI score0.00656EPSS
Exploits0References2
OSV
OSV
added 2019/04/09 2:29 p.m.5 views

CVE-2019-11028

GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx"...

8.8CVSS5.8AI score0.0274EPSS
Exploits1References4
OSV
OSV
added 2019/01/31 9:29 a.m.3 views

CVE-2019-7216

An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php...

7.8CVSS5.8AI score0.01985EPSS
Exploits1References2
Rows per page
Query Builder