303 matches found

ATTACKERKB
added 2023/06/07 2:15 a.m. · 0 views

CVE-2022-4949

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxupload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on th...

8.8 CVSS · 7.9 AI score · 0.08627 EPSS
Exploits: 1 · References: 5
Positive Technologies
added 2023/06/07 12:00 a.m. · 3 views

PT-2023-11847

Name of the Vulnerable Software and Affected Versions: Adning Advertising plugin for WordPress versions up to, and including, 1.5.5. Description: The issue arises from missing file type validation in the ning upload image function, allowing unauthenticated attackers to upload arbitrary files to the...

9.8 CVSS · 9.3 AI score · 0.89502 EPSS
Exploits: 1 · References: 8
CNNVD
added 2023/06/07 12:00 a.m. · 2 views

WordPress Plugin Adning Advertising Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Adning Advertising suffers...

9.8 CVSS · 8.6 AI score · 0.89502 EPSS
Exploits: 1 · References: 6
CNNVD
added 2023/06/01 12:00 a.m. · 2 views

Gallagher Controller 6000 Security Vulnerability

The Gallagher Controller 6000 is an interface between the Gallagher Command Center server and distributed field hardware from Gallagher New Zealand. A security vulnerability exists in the Gallagher Controller 6000 that originates from an attacker being able to cause a buffer overflow via the uplo...

9.8 CVSS · 8.9 AI score · 0.00497 EPSS
Exploits: 0 · References: 2
OSV
added 2023/05/23 1:15 a.m. · 0 views

CVE-2023-31708

A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands by supplying a crafted HTML file to the Upload software format function...

4.3 CVSS · 6 AI score · 0.00163 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2023/05/23 12:00 a.m. · 2 views

PT-2023-23427 · Eyoucms · Eyoucms

Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.6.2. Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to execute arbitrary commands by supplying a crafted HTML file to the Upload software format function. Recommendations: For EyouCMS version 1.6.2,...

4.3 CVSS · 8.2 AI score · 0.00163 EPSS
Exploits: 1 · References: 3
IBM Security Bulletins
added 2023/05/17 9:30 p.m. · 29 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons FileUpload (CVE-2023-24998)

Summary: A vulnerability in Apache Commons FileUpload used by InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts to be...

7.5 CVSS · 7.5 AI score · 0.339 EPSS
Exploits: 1 · Affected Software: 1
Huntr
added 2023/04/29 1:51 p.m. · 95 views

Stored XSS and CSP Bypass in KiwiTCMS

Description: Stored XSS, also known as persistent XSS, is the more damaging type of XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Due to a sanitization problem it is possible to perform a Stored XSS. The problem is that the upload function permit...

6.2 AI score
Exploits: 0
NVD
added 2023/04/24 2:15 p.m. · 10 views

CVE-2023-1731

In Meinberg's LTOS versions prior to V7.06.013, the configuration file upload function did not correctly validate its input, which would allow a remote authenticated attacker with high privileges to execute arbitrary commands...

7.2 CVSS · 7.1 AI score · 0.00536 EPSS
Exploits: 0 · References: 1
Prion
added 2023/04/10 9:15 p.m. · 9 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file...

7.5 CVSS · 9.5 AI score · 0.12646 EPSS
Exploits: 3 · References: 4 · Affected Software: 1
Veracode
added 2023/04/10 4:35 a.m. · 18 views

Path Traversal

github.com/sjqzhang/go-fastdfs is vulnerable to Path Traversal. The vulnerability exists because the Upload function of fileserver.go does not properly check custom paths, which allows an attacker to access files outside the expected directory through the /group1/upload in the File Upload Handler...

9.8 CVSS · 8.8 AI score · 0.47312 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
Positive Technologies
added 2023/04/10 12:00 a.m. · 3 views

PT-2023-2509 · Ftp Admin · Ftp Admin

Name of the Vulnerable Software and Affected Versions: tpAdmin version 1.3.12. Description: The issue affects the Upload function of the file applicationadmincontrollerUpload.php. Manipulation of the file argument leads to unrestricted upload. The attack may be initiated remotely. This allows ...

9 CVSS · 7.6 AI score · 0.00589 EPSS
Exploits: 1 · References: 11
Positive Technologies
added 2023/03/02 12:00 a.m. · 1 view

PT-2023-20669 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 14.3-rc-1 through 14.4.5; XWiki Platform versions 14.9-rc-1 and earlier, excluding 14.4.6 and later. Description: The issue arises from the org.xwiki.store.script.TemporaryAttachmentsScriptServiceuploadTemporaryAttachmen...

8.1 CVSS · 8 AI score · 0.04616 EPSS
Exploits: 1 · References: 8
OSV
added 2023/01/03 3:15 a.m. · 2 views

CVE-2022-46309

Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files...

6.5 CVSS · 5.9 AI score
Exploits: 0 · References: 1
CNNVD
added 2022/12/28 12:00 a.m. · 1 view

FlatPress Cross-Site Scripting Vulnerability

FlatPress is a PHP-based blog building system from the FlatPress community that does not require database support. FlatPress suffers from a cross-site scripting vulnerability that originates in the component XML File Handler/MD File Handler in admin/panels/uploader/admin. The uploader.php file has...

6.1 CVSS · 6.1 AI score · 0.00313 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2022/12/15 12:00 a.m. · 3 views

PT-2022-8621 · Unknown · Zhimengzhe Ibarn

Name of the Vulnerable Software and Affected Versions: zhimengzhe iBarn version 1.5. Description: The issue allows remote attackers to run arbitrary code via avatar upload to "index.php". This is due to a file upload vulnerability in the upload function in action/Core.class.php. Recommendations: F...

8.8 CVSS · 7.7 AI score · 0.01105 EPSS
Exploits: 1 · References: 4
Huntr
added 2022/11/23 11:55 a.m. · 10 views

Stored XSS in kiwiTCMS

Description: Stored XSS, also known as persistent XSS, is the more damaging type of XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Due to a sanitization problem it is possible to perform a Stored XSS. The problem is that the upload function permit...

5.6 AI score
Exploits: 0
NVD
added 2022/11/14 9:15 p.m. · 11 views

CVE-2022-43146

An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

7.2 CVSS · 0.00906 EPSS
Exploits: 0 · References: 2
Prion
added 2022/11/14 9:15 p.m. · 9 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

5.8 CVSS · 7.3 AI score · 0.00906 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2022/11/14 12:00 a.m. · 54 views

CVE-2022-43146

CVE-2022-43146 describes an arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 that can lead to remote code execution via a crafted PHP file. Root cause: improper handling/validation of uploaded files enabling execution of attacker-controlled PHP. A...

7.2 CVSS · 7.3 AI score · 0.00906 EPSS
Exploits: 0 · References: 2 · Affected Software: 1