169 matches found

Vulnrichment
added 2026/06/15 10:4 a.m. | 8 views

CVE-2026-34027 Upload restriction bypass in Wertheim SafeController Software allows authenticated users to upload arbitrary files

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload ...

CVSS 5.3 | AI score 5.4 | EPSS 0.00305
Exploits: 1 | References: 2

EUVD
added 2026/06/12 7:32 p.m. | 11 views

EUVD-2026-35393

TYPO3 CMS has Broken Access Control in its Form Framework...

CVSS 7.6 | AI score 5.2 | EPSS 0.00253
Exploits: 0 | References: 6

OSV
added 2026/06/12 7:32 p.m. | 10 views

GHSA-HWVQ-2W67-RVXP TYPO3 CMS has Broken Access Control in its Form Framework

Problem: Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers ...

CVSS 7.6 | AI score 6.1 | EPSS 0.00253
Exploits: 0 | References: 7

NVD
added 2026/06/09 11:16 a.m. | 13 views

CVE-2026-47346

Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

CVSS 7.6 | EPSS 0.00253
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/14 11:19 p.m. | 5 views

CVE-2022-50906

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads...

CVSS 4.8 | AI score 6.3 | EPSS 0.00353
Exploits: 1 | References: 1

CVE
added 2026/01/13 10:51 p.m. | 14 views

CVE-2022-50907

Affected software: e107 CMS 3.2.1. Issue: a file upload restriction bypass in the Media Manager import flow allows authenticated admin users to upload PHP files outside restricted locations, enabling remote code execution. Root cause: manipulation of the upload URL parameter enables placing malic...

CVSS 8.6 | AI score 7.9 | EPSS 0.01049
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2026/01/13 12:0 a.m. | 5 views

e107 Cross-Site Scripting Vulnerability

e107 is a free, open source content management system (CMS) based on PHP and MySQL from the E107 team. The system supports a variety of plug-ins and appearance themes, and can be used as a personal blog, discussion community, archive repository and so on. A cross-site scripting vulnerability exis...

CVSS 4.8 | AI score 5.7 | EPSS 0.00353
Exploits: 1 | References: 4

Positive Technologies
added 2026/01/13 12:0 a.m. | 4 views

PT-2026-2382

Name of the Vulnerable Software and Affected Versions: e107 CMS version 3.2.1. Description: An authenticated administrator can bypass upload restrictions in e107 CMS. This allows the upload of malicious SVG files through the media manager. Successful exploitation enables attackers to upload SVG file...

CVSS 6.4 | AI score 6.1 | EPSS 0.00353
Exploits: 1 | References: 6

RedhatCVE
added 2026/01/09 12:1 p.m. | 8 views

CVE-2018-19196

An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonstrated by an...

CVSS 9.8 | AI score 8.2 | EPSS 0.033
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:54 a.m. | 6 views

CVE-2022-23043

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...

CVSS 7.2 | AI score 6.9 | EPSS 0.01436
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:33 a.m. | 12 views

CVE-2019-7861

Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...

CVSS 7.5 | AI score 6.8 | EPSS 0.02044
Exploits: 0 | References: 1

CNVD
added 2025/12/24 12:0 a.m. | 4 views

Advantech WebAccess/SCADA Code Issue Vulnerability

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A code issue vulnerability exists in Advantech...

CVSS 9.8 | AI score 6.2 | EPSS 0.00531
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-18751

Malware in sbrugna...

CVSS 7.5 | AI score 7.3 | EPSS 0.01277
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 10 views

EUVD-2015-9181

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.01389
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-21275

Malware in sbrugna...

CVSS 6.4 | AI score 5.7 | EPSS 0.00634
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-21277

Malware in sbrugna...

CVSS 4.3 | AI score 4.8 | EPSS 0.007
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-3545

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.02314
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2002-2309

Malware in sbrugna...

CVSS 5.8 | AI score 6.4 | EPSS 0.01899
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-17344

Malware in sbrugna...

CVSS 10 | AI score 9.5 | EPSS 0.68369
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2015-0164

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.01129
Exploits: 0 | References: 2