Lucene search
K

26 matches found

Vulnrichment
Vulnrichment
added 2026/06/15 10:4 a.m.11 views

CVE-2026-34027 Upload restriction bypass in Wertheim SafeController Software allows authenticated users to upload arbitrary files

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload ...

5.3CVSS5.4AI score0.00305EPSS
Exploits1References2
OSV
OSV
added 2026/06/12 7:32 p.m.14 views

GHSA-HWVQ-2W67-RVXP TYPO3 CMS has Broken Access Control in its Form Framework

Problem Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers ...

7.6CVSS6.1AI score0.00253EPSS
Exploits0References7
NVD
NVD
added 2026/06/09 11:16 a.m.16 views

CVE-2026-47346

Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

7.6CVSS0.00253EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/14 11:19 p.m.6 views

CVE-2022-50906

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting XSS payloads...

4.8CVSS6.3AI score0.00353EPSS
Exploits1References1
CVE
CVE
added 2026/01/13 10:51 p.m.16 views

CVE-2022-50907

Affected software: e107 CMS 3.2.1. Issue: a file upload restriction bypass in the Media Manager import flow allows authenticated admin users to upload PHP files outside restricted locations, enabling remote code execution. Root cause: manipulation of the upload URL parameter enables placing malic...

8.6CVSS7.9AI score0.01049EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.6 views

e107 跨站脚本漏洞

e107 is an open source, free and PHP and MySQL based Content Management System CMS from the E107 team. The system supports a variety of plug-ins and appearance themes, and can be used as a personal blog, discussion community, archive repository and so on. A cross-site scripting vulnerability exis...

4.8CVSS5.7AI score0.00353EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.6 views

PT-2026-2382

Name of the Vulnerable Software and Affected Versions e107 CMS version 3.2.1 Description An authenticated administrator can bypass upload restrictions in e107 CMS. This allows the upload of malicious SVG files through the media manager. Successful exploitation enables attackers to upload SVG file...

6.4CVSS6.1AI score0.00353EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/09 12:1 p.m.8 views

CVE-2018-19196

An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types jpg, jpeg, bmp, png, gif, as demonstrated by an...

9.8CVSS8.2AI score0.033EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2022-1919

Malicious code in bioql PyPI...

9.1CVSS9.1AI score0.04213EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2023/08/31 4:15 p.m.4 views

CVE-2023-41717

Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions...

5.5CVSS5.8AI score0.00364EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2023/05/13 12:0 a.m.426 views

Job Portal 1.0 - File Upload Restriction Bypass

/jobportal/applicant/ 2.- Select profile image and load a valid image. 3. Turn Burp/ZAP Intercept On 4. Select webshell - ex: shell.png 5. Alter request in the upload... Update 'filename' to desired extension. ex: shell.php Not neccesary change content type to 'image/png' Example exploitation...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/05/12 12:0 a.m.238 views

e107 CMS v3.2.1 - Multiple Vulnerabilities

Exploit Title: e107 CMS v3.2.1 - Multiple Vulnerabilities Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 3.2.1 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win64 OpenSSL/1.1.1l PHP/7.4.2...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.278 views

e107 CMS v3.2.1 - Multiple Vulnerabilities

Exploit Title: e107 CMS v3.2.1 - Multiple Vulnerabilities Date: 30/04/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 3.2.1 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win64...

7.4AI score
Exploits0
OSV
OSV
added 2022/03/15 8:20 a.m.19 views

CVE-2022-0951 File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc

File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4...

8.2CVSS7AI score0.0087EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/02/24 3:15 p.m.24 views

CVE-2022-23043

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...

7.2CVSS5.8AI score0.01436EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.172 views

Mageia: Security Advisory (MGASA-2015-0109)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.5AI score0.71536EPSS
Exploits5References5
CNNVD
CNNVD
added 2021/03/25 12:0 a.m.4 views

NOKIA NetAct 18A 代码问题漏洞

NOKIA NetAct 18A is an application system from Nokia Finland. It provides best-in-class applications to enable seamless day-to-day network operations, including configuration management, monitoring and software management. A security vulnerability exists in Nokia NetAct 18A, which can be exploite...

6.5CVSS6.6AI score0.01437EPSS
Exploits1References2
exploitpack
exploitpack
added 2019/08/30 12:0 a.m.60 views

Sentrifugo 3.2 - File Upload Restriction Bypass

Sentrifugo 3.2 - File Upload Restriction Bypass Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15813 Multiple File Upload...

6.5CVSS0.5AI score0.33236EPSS
Exploits7
ThreatPost
ThreatPost
added 2019/03/12 3:53 p.m.70 views

Adobe Patches Critical Photoshop, Digital Edition Flaws

Adobe on Tuesday released its March Security Update, reporting and fixing only two critical flaws: one in Photoshop CC and one in Adobe Digital Editions. Both critical flaws could allow a bad actor to achieve arbitrary code execution in the context of the current user, Adobe said. The company sai...

10CVSS1AI score0.67091EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2015/10/16 12:0 a.m.30 views

SUSE: Security Advisory for flash-player (SUSE-SU-2015:0493-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9AI score0.71536EPSS
Exploits5References1
Rows per page
Query Builder