
67 matches found

CNNVD
added 2025/12/30 12:0 a.m. | 1 view

newbee-mall-plus security vulnerability

newbee-mall-plus is an open source e-commerce system by newbee-ltd. A security vulnerability exists in version 2.0.0 of newbee-mall-plus, which stems from the incorrect manipulation of the parameter File in the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java, which coul...

7.2 CVSS | 5.7 AI score | 0.00346 EPSS
Exploits: 1 | References: 4
RedhatCVE
added 2025/10/13 5:29 a.m. | 17 views

CVE-2025-60268

An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution...

6.5 CVSS | 7.8 AI score | 0.00329 EPSS
Exploits: 1 | References: 1
EUVD
added 2025/10/10 6:31 p.m. | 14 views

EUVD-2025-33761

An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution...

6.5 CVSS | 7.7 AI score | 0.00329 EPSS
Exploits: 1 | References: 3
RedhatCVE
added 2025/10/07 6:9 a.m. | 12 views

CVE-2025-11320

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to...

6.5 CVSS | 6.7 AI score | 0.00298 EPSS
Exploits: 0 | References: 1
NVD
added 2025/10/06 5:15 a.m. | 4 views

CVE-2025-11320

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to...

6.5 CVSS | 0.00298 EPSS
Exploits: 0 | References: 5
Cvelist
added 2025/10/06 4:32 a.m. | 8 views

CVE-2025-11320 zhuimengshaonian wisdom-education UploadController.java uploadFile unrestricted upload

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to...

6.5 CVSS | 0.00298 EPSS
Exploits: 0 | References: 5
CVE
added 2025/10/06 4:32 a.m. | 8 views

CVE-2025-11320

CVE-2025-11320 affects zhuimengshaonian wisdom-education up to 1.0.4. The vulnerability lies in the uploadFile function in src/main/java/com/education/core/controller/UploadController.java, where improper handling/manipulation of the File argument enables unrestricted file upload. Remote exploita...

6.5 CVSS | 6.6 AI score | 0.00298 EPSS
Exploits: 0 | References: 5
EUVD
added 2025/10/06 4:32 a.m. | 2 views

EUVD-2025-32485

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to...

6.5 CVSS | 6.4 AI score | 0.00298 EPSS
Exploits: 0 | References: 6
Vulnrichment
added 2025/10/06 4:32 a.m. | 1 view

CVE-2025-11320 zhuimengshaonian wisdom-education UploadController.java uploadFile unrestricted upload

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to...

6.5 CVSS | 6.4 AI score | 0.00298 EPSS
Exploits: 0 | References: 5
CNNVD
added 2025/10/06 12:0 a.m. | 2 views

wisdom-education code issue vulnerability

wisdom-education is a cloud intelligence education platform by zhuimengshaonian individual developer. A code issue vulnerability exists in wisdom-education 1.0.4 and earlier versions, which stems from the incorrect manipulation of the parameter File in the file...

6.5 CVSS | 6.6 AI score | 0.00298 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2025/10/06 12:0 a.m. | 2 views

PT-2025-40848

Name of the Vulnerable Software and Affected Versions: zhuimengshaonian wisdom-education versions prior to 1.0.5 Description: A security issue exists in zhuimengshaonian wisdom-education. The uploadFile function within the file src/main/java/com/education/core/controller/UploadController.java is...

6.5 CVSS | 6.3 AI score | 0.00298 EPSS
Exploits: 0 | References: 10
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-26359

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.00206 EPSS
Exploits: 1 | References: 5
RedhatCVE
added 2025/09/03 9:30 p.m. | 3 views

CVE-2025-9795

A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack...

6.5 CVSS | 6.9 AI score | 0.00206 EPSS
Exploits: 1 | References: 1
OSV
added 2025/09/01 9:15 p.m. | 2 views

CVE-2025-9795

A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack...

5.4 CVSS | 7 AI score
Exploits: 0 | References: 5
CVE
added 2025/09/01 9:2 p.m. | 10 views

CVE-2025-9795

CVE-2025-9795 affects xujeff tianti 天梯 up to 2.3. The vulnerable area is the function ajaxUploadFile() in the file src/main/java/com/jeff/tianti/controller/UploadController.java. Manipulating the argument upfile enables an unrestricted file upload, enabling a remote attack. Public disclosure of ...

6.5 CVSS | 6.4 AI score | 0.00206 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2025/09/01 9:2 p.m. | 10 views

CVE-2025-9795 xujeff tianti 天梯 UploadController.java ajaxUploadFile unrestricted upload

A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack...

6.5 CVSS | 0.00206 EPSS
Exploits: 1 | References: 5
Vulnrichment
added 2025/09/01 9:2 p.m. | 2 views

CVE-2025-9795 xujeff tianti 天梯 UploadController.java ajaxUploadFile unrestricted upload

A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack...

6.5 CVSS | 6.6 AI score | 0.00206 EPSS
Exploits: 1 | References: 5
Positive Technologies
added 2025/09/01 12:0 a.m. | 4 views

PT-2025-35511

Name of the Vulnerable Software and Affected Versions: xujeff tianti 天梯 versions prior to 2.3 Description: A vulnerability exists in xujeff tianti 天梯 that allows for unrestricted file uploads. The issue is located in the ajaxUploadFile function within the...

6.5 CVSS | 6.3 AI score | 0.00206 EPSS
Exploits: 1 | References: 8
CNNVD
added 2025/07/20 12:0 a.m. | 2 views

Thinkgem JeeSite code issue vulnerability

Thinkgem JeeSite is an open source Java EE enterprise-class rapid development platform of China Joyuan Thinkgem company. The platform includes system permissions components, data permissions components, data dictionary components, core tools components, view manipulation components, workflo...

6.5 CVSS | 6.2 AI score | 0.00303 EPSS
Exploits: 1 | References: 6
RedhatCVE
added 2025/05/22 10:0 a.m. | 6 views

CVE-2019-8093

An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage the file upload controller for downloadable products to read/delete arbitrary files...

8.8 CVSS | 6.8 AI score | 0.01117 EPSS
Exploits: 0 | References: 1