10 matches found
CVE-2026-5615
A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the attack is possibl...
CVE-2020-37054 Navigate CMS 2.8.7 - Cross-Site Request Forgery
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without...
ImpressCMS Code Issue Vulnerability
ImpressCMS is a MySQL-based, modular content management system (CMS) from ImpressCMS. The system includes modules for press releases, forums and photo albums. A code issue vulnerability exists in ImpressCMS version 1.4.4, which stems from improperly sanitized file upload extensions, and could allow a...
EUVD-2017-3366
Malware in sbrugna...
CVE-2025-48471
CVE-2025-48471 pertains to FreeScout (PHP/Laravel). The vulnerability arises from insufficient validation of uploaded files, allowing files with phtml and phar extensions to be uploaded, which can enable remote code execution when hosted on Apache. The issue affects FreeScout versions prior to 1....
PT-2023-18780 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13; Splunk Enterprise versions prior to 8.2.10; Splunk Enterprise versions prior to 9.0.4. Description: The lookup table upload feature in Splunk Enterprise allowed users to upload lookup tables with...
CVE-2022-2356
The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded...
Code injection
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=configupload, and then using user.php/music/add/ to upload the code...
CVE-2017-11756
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=configupload, and then using user.php/music/add/ to upload the code...
Multiple Cross-Site Request Forgery Vulnerabilities in Zimbra Collaboration
Zimbra provides open source email server software and shared calendars. Multiple cross-site request forgery (CSRF) vulnerabilities in versions prior to Zimbra Collaboration 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors including (1) client-side upload...