303 matches found

Positive Technologies
added 2024/10/11 12:0 a.m. · 1 views

PT-2024-39890 · 07Flycms +1 · 07Flycms +1

Name of the Vulnerable Software and Affected Versions: 07FLYCMS version 1.3.8 07FLY-CMS version 1.3.8 07FlyCRM version 1.3.8 Description: A critical issue was found in the uploadFile function of the Module Plug-In Handler component, located in the file...

7.2 CVSS · 4.6 AI score · 0.00101 EPSS
Exploits 1 · References 7

NVD
added 2024/09/19 7:15 p.m. · 13 views

CVE-2024-33109

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function...

9.9 CVSS · 0.00261 EPSS
Exploits 0 · References 2

Veracode
added 2024/09/02 4:59 a.m. · 4 views

Unrestricted File Upload

FeehiCMS is vulnerable to unrestricted file upload. The vulnerability is due to insufficient input validation in the FriendlyLink argument, which allows attackers to upload files without proper restrictions in the update function of FeehiCMS...

9.8 CVSS · 6.7 AI score · 0.00218 EPSS
Exploits 1 · References 5 · Affected Software 1

Packet Storm
added 2024/08/31 12:0 a.m. · 141 views

Microweber CMS 1.2.10 Local File Inclusion (Authenticated)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microweber CMS v1.2.10 Local File Inclusion Authenticated', 'Description' = %q Microweber CMS v1.2.10 has a backup functionality. Upload and...

7.4 AI score
Exploits 0

CNNVD
added 2024/08/03 12:0 a.m. · 1 views

WordPress plugin YayExtra security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

9.8 CVSS · 6.7 AI score · 0.0799 EPSS
Exploits 0 · References 6

Veracode
added 2024/07/22 5:9 a.m. · 11 views

Arbitrary File Upload

Automad is vulnerable to Arbitrary File Upload. The vulnerability is due to improper file type checks within the image upload function, allowing attackers to execute arbitrary code via a crafted file...

8.8 CVSS · 8 AI score · 0.02671 EPSS
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2024/07/19 12:0 a.m. · 4 views

PT-2024-28828 · Automad · Automad

Name of the Vulnerable Software and Affected Versions: Automad version 2.0.0 Description: An arbitrary file upload vulnerability in the image upload function allows attackers to execute arbitrary code via a crafted file. The malicious file has to be prepared and uploaded manually by the admin,...

8.8 CVSS · 6.9 AI score · 0.02671 EPSS
Exploits 1 · References 9

Vulnrichment
added 2024/07/19 12:0 a.m. · 14 views

CVE-2024-40400

An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file...

8 AI score · 0.02671 EPSS
Exploits 1 · References 1

OSV
added 2024/07/04 9:15 a.m. · 1 views

CVE-2024-6319

The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitra...

8.8 CVSS · 6.5 AI score
Exploits 0 · References 3

NVD
added 2024/07/01 5:15 a.m. · 16 views

CVE-2024-3123

CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands...

7.2 CVSS · 0.0056 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/06/19 12:0 a.m. · 2 views

PT-2024-20095 · WordPress · Aliexpress Dropshipping With Alinext Lite

Name of the Vulnerable Software and Affected Versions: AliExpress Dropshipping with AliNext Lite plugin for WordPress versions up to, and including, 3.3.5 Description: The issue is related to arbitrary file uploads due to missing file type validation in the ajax save image function. This allows...

8.8 CVSS · 8.2 AI score · 0.09592 EPSS
Exploits 0 · References 8

OSV
added 2024/06/07 9:31 p.m. · 11 views

GHSA-CR7J-RWMV-VGCH Duplicate Advisory: aimeos-core arbitrary file upload vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rhc2-23c2-ww7c. This link is maintained to preserve external references. Original Description An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execu...

8.8 CVSS · 7.3 AI score
Exploits 0 · References 8

OSV
added 2024/06/07 7:15 p.m. · 13 views

CVE-2024-36811

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-37295. Reason: This candidate is a reservation duplicate of CVE-2024-37295. Notes: All CVE users should reference CVE-2024-37295 instead of this candidate. All references and descriptions in this candidate have been removed t...

6.9 AI score
Exploits 0

Cvelist
added 2024/06/07 12:0 a.m. · 25 views

CVE-2024-36811

...

Exploits 0

CVE
added 2024/06/07 12:0 a.m. · 46 views

CVE-2024-36811

CVE-2024-36811 is a reserved/duplicate entry for CVE-2024-37295. Connected documents describe Aimeos core vulnerability: before 2024.04.5, an administrative user could upload image-like files containing PHP code, leading to remote code execution in the web server context. A fix is released in 202...

7.4 AI score
Exploits 0

NVD
added 2024/05/31 4:15 p.m. · 5 views

CVE-2022-25038

wanEditor v4.7.11 was discovered to contain a cross-site scripting XSS vulnerability via the video upload function...

6.1 CVSS · 6 AI score · 0.00364 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/05/31 4:5 p.m. · 11 views

CVE-2022-25037

An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting XSS vulnerability via the image upload function...

6.2 AI score · 0.0025 EPSS
Exploits 0 · References 2

Cvelist
added 2024/05/31 4:2 p.m. · 10 views

CVE-2022-25038

wanEditor v4.7.11 was discovered to contain a cross-site scripting XSS vulnerability via the video upload function...

6 AI score · 0.00364 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/05/31 12:0 a.m. · 2 views

PT-2024-11532 · Waneditor · Waneditor

Name of the Vulnerable Software and Affected Versions: wanEditor version 4.7.11 Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability was discovered in the video upload function, allowing potential exploitation. Recommendations: For wanEditor version...

6.1 CVSS · 6.1 AI score · 0.00364 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/05/24 12:0 a.m. · 3 views

PT-2024-26564 · Box-Im · Box-Im

Name of the Vulnerable Software and Affected Versions: Box-IM version 2.0 Description: The issue allows attackers to execute arbitrary code via uploading a crafted PDF file, exploiting an arbitrary file upload vulnerability in the Upload function. Recommendations: For Box-IM version 2.0, consider...

9.6 CVSS · 8.2 AI score · 0.00214 EPSS
Exploits 0 · References 5