26 matches found
CVE-2026-34027 Upload restriction bypass in Wertheim SafeController Software allows authenticated users to upload arbitrary files
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload ...
GHSA-HWVQ-2W67-RVXP TYPO3 CMS has Broken Access Control in its Form Framework
Problem Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers ...
CVE-2026-47346
Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...
CVE-2022-50906
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting XSS payloads...
CVE-2022-50907
Affected software: e107 CMS 3.2.1. Issue: a file upload restriction bypass in the Media Manager import flow allows authenticated admin users to upload PHP files outside restricted locations, enabling remote code execution. Root cause: manipulation of the upload URL parameter enables placing malic...
e107 跨站脚本漏洞
e107 is an open source, free and PHP and MySQL based Content Management System CMS from the E107 team. The system supports a variety of plug-ins and appearance themes, and can be used as a personal blog, discussion community, archive repository and so on. A cross-site scripting vulnerability exis...
PT-2026-2382
Name of the Vulnerable Software and Affected Versions e107 CMS version 3.2.1 Description An authenticated administrator can bypass upload restrictions in e107 CMS. This allows the upload of malicious SVG files through the media manager. Successful exploitation enables attackers to upload SVG file...
CVE-2018-19196
An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types jpg, jpeg, bmp, png, gif, as demonstrated by an...
EUVD-2022-1919
Malicious code in bioql PyPI...
CVE-2023-41717
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions...
Job Portal 1.0 - File Upload Restriction Bypass
/jobportal/applicant/ 2.- Select profile image and load a valid image. 3. Turn Burp/ZAP Intercept On 4. Select webshell - ex: shell.png 5. Alter request in the upload... Update 'filename' to desired extension. ex: shell.php Not neccesary change content type to 'image/png' Example exploitation...
e107 CMS v3.2.1 - Multiple Vulnerabilities
Exploit Title: e107 CMS v3.2.1 - Multiple Vulnerabilities Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 3.2.1 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win64 OpenSSL/1.1.1l PHP/7.4.2...
e107 CMS v3.2.1 - Multiple Vulnerabilities
Exploit Title: e107 CMS v3.2.1 - Multiple Vulnerabilities Date: 30/04/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 3.2.1 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win64...
CVE-2022-0951 File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc
File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4...
CVE-2022-23043
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...
Mageia: Security Advisory (MGASA-2015-0109)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NOKIA NetAct 18A 代码问题漏洞
NOKIA NetAct 18A is an application system from Nokia Finland. It provides best-in-class applications to enable seamless day-to-day network operations, including configuration management, monitoring and software management. A security vulnerability exists in Nokia NetAct 18A, which can be exploite...
Sentrifugo 3.2 - File Upload Restriction Bypass
Sentrifugo 3.2 - File Upload Restriction Bypass Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15813 Multiple File Upload...
Adobe Patches Critical Photoshop, Digital Edition Flaws
Adobe on Tuesday released its March Security Update, reporting and fixing only two critical flaws: one in Photoshop CC and one in Adobe Digital Editions. Both critical flaws could allow a bad actor to achieve arbitrary code execution in the context of the current user, Adobe said. The company sai...
SUSE: Security Advisory for flash-player (SUSE-SU-2015:0493-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...