PT-2026-21890
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of strpos for substring-based hostname validation instead of strict host comparison in the ajax upload image function. This makes...
CVE-2022-26645
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function...
CVE-2025-15415
A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The...
PT-2026-1031
Name of the Vulnerable Software and Affected Versions: xnx3 wangmarket versions up to 6.4 Description: A flaw exists in the XML File Handler component of xnx3 wangmarket. Specifically, the uploadImage function within the /sits/uploadImage.do file allows for unrestricted file uploads through...
CVE-2025-12189
The Bread & Butter WordPress plugin (Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents) is affected by a Cross-Site Request Forgery leading to arbitrary file upload via the uploadImage() AJAX handler. Root cause: missing/incorrect nonce validation in...
PT-2025-49207
Name of the Vulnerable Software and Affected Versions: Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress versions prior to 7.10.1322 Description: The software is susceptible to a Cross-Site Request Forgery issue. This is due to...
EUVD-2025-25656
Malicious code in bioql PyPI...
PT-2025-34592 · Unknown · Xuhuisheng Lemon
Name of the Vulnerable Software and Affected Versions: xuhuisheng lemon versions through 1.13.0 Description: A weakness exists in xuhuisheng lemon up to version 1.13.0. This issue affects the uploadImage function within the CmsArticleController.java file, specifically in the...
CVE-2024-54730
Flatnotes v5.3.1 is vulnerable to denial of service through the upload image function...
PT-2022-17977
Name of the Vulnerable Software and Affected Versions: Online Banking System Protect version 1.0 Description: A remote code execution issue allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. Recommendations: For Online Banking System Protect...
CVE-2021-39609
Cross-Site Scripting (XSS) vulnerability exists in FlatCore-CMS 2.0.7 via the upload image function...
162100 Site Navigation 1.9 local file inclusion vulnerability
Official program site: http://download.162100.com. Part of the code of the file run.php in the admin directory is as follows: I found the upload directory editor/index.html. Use the upload...