280 matches found
Arbitrary file deletion
DedeCMS v5.7.93 was discovered to contain an arbitrary file deletion vulnerability in upload.php via the delete parameter...
CVE-2022-30508
CVE-2022-30508 affects DedeCMS v5.7.93, with an arbitrary file deletion vulnerability in upload.php exploitable via the delete parameter. The Red Hat/NVD/PRION/CVE records all reiterate the same description; exploitation details and a confirmed fix are not provided in the connected documents. PT-...
CVE-2022-30508
DedeCMS v5.7.93 was discovered to contain an arbitrary file deletion vulnerability in upload.php via the delete parameter...
GHSA-VWH5-78JC-HPJX SunHater KCFinder cross-site scripting (XSS) vulnerability in upload.php
A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...
SunHater KCFinder cross-site scripting (XSS) vulnerability in upload.php
A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...
Safe SVG < 1.9.10 - SVG Sanitisation Bypass
The sanitisation step of the plugin can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent, mainly XSS, but depending on further use of uploaded SVG...
CVE-2021-35414
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php...
SQL injection
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php...
CVE-2020-23572
CVE-2020-23572 concerns BEESCMS v4.0, where an arbitrary file upload vulnerability in the /admin/upload.php component enables attackers to execute arbitrary code via a crafted image file. Multiple sources (NVD, Red Hat, CNVD, CVE listings) confirm the issue and its impact; CVSSv3.1 base score is ...
CVE-2021-26794
Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows an attacker to execute arbitrary code via a crafted PHP file...
CVE-2021-26794
CVE-2021-26794 affects FrogCMS SentCMS v0.9.5, allowing remote code execution via a crafted PHP file uploaded through upload.php. Multiple connected sources (RH Red Hat, CVE lists, CP advisories, CNVD/CNNVD equivalents, and CVE records) describe it as a privilege escalation leading to arbitrary c...
CVE-2020-21356
An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file"' is deleted during file uploads...
Information disclosure
An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file"' is deleted during file uploads...
CVE-2021-20104
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php...
GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2021-45142)
GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A cross-site scripting vulnerability exists in admin/upload.php in GetSimple CMS version 3.3.16. The vulnerability can be exploited to conduct cross-site scripting attacks by adding comments to the...
GetSimple CMS Remote Code Execution Vulnerability (CNVD-2021-45301)
GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A remote code execution vulnerability exists in admin/upload.php in GetSimple CMS versions prior to 3.3.16. An attacker can exploit this vulnerability to achieve remote code execution via phar files...
CVE-2021-28976
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files...