Lucene search

10 matches found

Positive Technologies
added 2026/04/01 12:0 a.m. · 2 views

PT-2026-29483

A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit i...

7.5 CVSS · 5.6 AI score · 0.00018 EPSS
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-43370

Malicious code in bioql PyPI...

7.2 CVSS · 7.6 AI score · 0.02457 EPSS
Exploits: 1 · References: 2

OSV
added 2025/06/19 10:15 p.m. · 1 view

CVE-2025-6282

A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function createuploadfile of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the publ...

9.8 CVSS · 5.3 AI score
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/22 11:36 p.m. · 1 view

CVE-2022-40048

Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function...

7.2 CVSS · 8.2 AI score · 0.02457 EPSS
Exploits: 1 · References: 1

CNNVD
added 2025/04/16 12:0 a.m. · 1 view

LRQA Nettitude PoshC2 Security Vulnerability

LRQA Nettitude PoshC2 is an agent-aware C2 framework from LRQA used to help penetration testers with red teaming, post-exploitation, and lateral movement. A security vulnerability exists in LRQA Nettitude PoshC2 that stems from an uploadfile function that allows execution of arbitrary code via a...

8.8 CVSS · 7.4 AI score · 0.01474 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2025/02/26 12:0 a.m. · 8 views

CVE-2024-46226

A stored cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket...

5.2 AI score · 0.00072 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/01/16 12:0 a.m. · 1 view

WordPress plugin Admin and Customer Messages After Order for WooCommerce: OrderConvo Code Issue Vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Admin and Customer Messag...

5.4 CVSS · 8.3 AI score · 0.00533 EPSS
Exploits: 0 · References: 2

Cvelist
added 2022/09/29 12:55 a.m. · 14 views

CVE-2022-40048

Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function...

7.6 AI score · 0.02457 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2022/09/29 12:0 a.m. · 1 view

PT-2022-25176 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: Flatpress version 1.2.1
Description: A remote code execution issue was found in the Upload File function, allowing for potential code execution.
Recommendations: For version 1.2.1, consider disabling the Upload File function until a patch is...

7.2 CVSS · 7.9 AI score · 0.02457 EPSS
Exploits: 1 · References: 5

CNVD
added 2021/12/19 12:0 a.m. · 22 views

IBM Business Automation Workflow Cross-Site Scripting Vulnerability (CNVD-2021-101696)

IBM Business Automation Workflow is a workflow automation solution from IBM Corporation of the United States. The product is primarily used for workflow management, compliance management, and has features such as workflow visibility and scalability. IBM Business Automation Workflow has a cross-sit...

5.4 CVSS · 2.5 AI score · 0.00158 EPSS
Exploits: 0 · References: 1