67 matches found
CVE-2025-4259
A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched...
CVE-2025-3807
A vulnerability, which was classified as critical, was found in zhenfeng13 My-BBS 1.0. This affects the function Upload of the file src/main/java/com/my/bbs/controller/common/UploadController.java of the component Endpoint. The manipulation leads to unrestricted upload. It is possible to initiate...
CVE-2024-56975
InvoicePlane, in all versions tested as of December 2024 (v.1.6.11 and before), contains a remote code execution vulnerability in the uploadfile method of the Upload controller...
CVE-2024-56975
CVE-2024-56975 affects InvoicePlane versions 1.6.11 and earlier, with a remote code execution vulnerability in the upload_file method of the Upload controller. The issue is confirmed across multiple feeds; the root cause is exposure of the upload functionality enabling code execution. The connect...
CVE-2025-0399
A vulnerability was found in StarSea99 starsea-mall 1.0. It has been declared as critical. This vulnerability affects the function UploadController of the file src/main/java/com/siro/mall/controller/common/uploadController.java. The manipulation of the argument file leads to unrestricted upload...
starsea-mall security vulnerability
starsea-mall is a Spring Boot + Thymeleaf based Xiaomi mall management system by individual developer StarSea99. A security vulnerability exists in starsea-mall version 1.0, which originates from the file parameter of the UploadController function in the file...
CVE-2024-13191
A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack may be...
myblog security vulnerability
myblog is a personal blog by individual developer ZeroWdd. A security vulnerability exists in version 1.0 of myblog, which stems from the parameter file in the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java that can lead to unrestricted uploads...
PT-2025-2049 · Unknown · Zerowdd Myblog
Name of the Vulnerable Software and Affected Versions: ZeroWdd myblog version 1.0. Description: A critical issue has been found in the upload function of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the file argument leads to unrestricted upload...
CVE-2024-13022
A vulnerability, which was classified as critical, was found in taisan tarzan-cms 1.0.0. This affects the function UploadResponse of the file src/main/java/com/tarzan/cms/modules/admin/controller/common/UploadController.java of the component Article Management. The manipulation of the argument fi...
PT-2024-39360 · Jflow · Jflow
Name of the Vulnerable Software and Affected Versions: JFlow version 2.0.0. Description: A problematic issue affects the function AttachmentUploadController of the component Attachment Handler, specifically in the file "/WF/Ath/EntityMutliFile Load.do". The manipulation of the argument oid leads t...
inxedu security vulnerability
Inxedu inxedu is an open source online education platform from China's Inxu Times Inxedu company. The platform includes an online school system, a live broadcasting system, an examination system and a marketing website. A security vulnerability exists in inxedu v2.0.6; the vulnerability...
PT-2024-26551 · Inxedu · Inxedu
Name of the Vulnerable Software and Affected Versions: inxedu version 2.0.6. Description: The issue is related to an arbitrary file upload vulnerability in the ImageUploadController.class component. This allows attackers to execute arbitrary code by uploading a crafted jsp file. Recommendations: F...
CVE-2024-22824
An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component...
CVE-2024-1116
A vulnerability was found in openBI up to 1.0.8. It has been classified as critical. Affected is the function index of the file /application/plugins/controller/Upload.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed t...
PT-2022-25854 · Unknown · Blogengine.Net
Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0. Description: An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs allows attackers to execute arbitrary code via uploading a crafted PNG file. Recommendations: For BlogEngine.NET...