7 matches found
Bludit 代码问题漏洞
Bludit is an open-source, lightweight blog content management system developed by Bludit. Bludit has code vulnerabilities that allow authenticated attackers to upload any type of file, potentially leading to remote code execution...
CVE-2026-27895 LAM has incorrect regular expression in PDF export component that allows user to upload files of any type
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...
PT-2025-39964
Name of the Vulnerable Software and Affected Versions PAD CMS affected versions not specified Description The software’s photo upload functionality allows a remote attacker to upload files of any type and extension without restriction due to a client-controlled permission check parameter. This ca...
Tangro Business Workflow 代码问题漏洞
Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A code issue vulnerability exists in tangro Business Workflow versions prior to 1.18.1, which stems from requesting a list of...
CVE-2020-6288
SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface allows an attacker with edit document rights to upload any file including script files without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker c...
CVE-2019-11028
GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx"...
CVE-2019-7216
An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php...