
280 matches found

OSV
added 2023/11/07 5:35 p.m. · 17 views

CVE-2023-46730 Server-Side Request Forgery in groupoffice

Group-Office is an enterprise CRM and groupware tool. In affected versions there is a full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs, which allows a malicious user to cause the server to make resource requests to...

CVSS 7.4 · AI score 8.3 · EPSS 0.00595
Exploits: 1 · References: 4

CNVD
added 2023/10/31 12:00 a.m. · 17 views

flusity CMS Arbitrary File Upload Vulnerability

flusity CMS is a user interaction interface solution that you can easily change or add code to. Flusity CMS suffers from an arbitrary file upload vulnerability that stems from the lack of validation of the uploaded file in the handleFileUpload function in core/tools/upload.php with the parameter...

CVSS 8.8 · AI score 7 · EPSS 0.00692
Exploits: 1 · References: 1

Vulnrichment
added 2023/10/27 1:31 a.m. · 17 views

CVE-2023-5812 flusity CMS upload.php handleFileUpload unrestricted upload

A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploadedfile leads to unrestricted upload. The attack can be launched remotely. The exploit...

CVSS 5.8 · AI score 6.9 · EPSS 0.00692
Exploits: 1 · References: 3

Positive Technologies
added 2023/07/23 12:00 a.m. · 3 views

PT-2023-26497 · Openrapid · Openrapid Rapidcms

Name of the Vulnerable Software and Affected Versions: OpenRapid RapidCMS versions up to 1.3.1 Description: A critical issue affects the file /admin/upload.php, where the manipulation of the file argument leads to unrestricted upload. The attack can be initiated remotely. The exploit has been...

CVSS 7.2 · AI score 5.2 · EPSS 0.23162
Exploits: 1 · References: 9

NVD
added 2023/06/15 6:15 p.m. · 27 views

CVE-2023-34833

An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file...

CVSS 6.1 · AI score 6.7 · EPSS 0.00538
Exploits: 1 · References: 1

NVD
added 2023/04/16 3:15 a.m. · 31 views

CVE-2022-34128

The Cartography aka positions plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php...

CVSS 9.8 · AI score 9.8 · EPSS 0.07746
Exploits: 3 · References: 3

OSV
added 2023/04/14 7:15 a.m. · 1 view

CVE-2023-2036

A vulnerability was found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file upload.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed...

CVSS 7.5 · AI score 6.6 · EPSS 0.00655
Exploits: 1 · References: 3

Prion
added 2023/04/14 7:15 a.m. · 15 views

SQL injection

A vulnerability was found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file upload.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed...

CVSS 6.5 · AI score 7.8 · EPSS 0.00655
Exploits: 1 · References: 3 · Affected Software: 1

Prion
added 2023/04/10 5:15 p.m. · 20 views

Server-side request forgery (SSRF)

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...

CVSS 6.5 · AI score 5.2 · EPSS 0.00636
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2023/04/10 4:31 p.m. · 30 views

CVE-2023-1971 yuan1994 tpAdmin Upload.php remote server-side request forgery

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...

CVSS 6.5 · AI score 6.7 · EPSS 0.00636
Exploits: 1 · References: 3

Cvelist
added 2023/04/10 4:00 p.m. · 37 views

CVE-2023-1970 yuan1994 tpAdmin Upload.php Upload unrestricted upload

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may...

CVSS 6.5 · AI score 7.2 · EPSS 0.01013
Exploits: 1 · References: 3

Positive Technologies
added 2023/04/09 12:00 a.m. · 3 views

PT-2023-2442 · Ftp Admin · Ftp Admin

Name of the Vulnerable Software and Affected Versions: tpAdmin version 1.3.12 Description: A critical vulnerability was found in the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to launc...

CVSS 6.5 · AI score 7 · EPSS 0.00636
Exploits: 1 · References: 10

Cvelist
added 2023/03/30 8:31 p.m. · 20 views

CVE-2023-1739 SourceCodester Simple and Beautiful Shopping Cart System upload.php unrestricted upload

A vulnerability was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0 and classified as critical. This issue affects some unknown processing of the file upload.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been...

CVSS 6.5 · AI score 9.8 · EPSS 0.00726
Exploits: 0 · References: 3

Positive Technologies
added 2023/03/30 12:00 a.m. · 2 views

PT-2023-17204 · Sourcecodester · Sourcecodester Simple/Beautiful Shopping Cart System

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple and Beautiful Shopping Cart System version 1.0 Description: A critical issue affects the processing of the file upload.php, leading to unrestricted upload. The attack can be initiated remotely. Recommendations: For...

CVSS 9.8 · AI score 7 · EPSS 0.00726
Exploits: 0 · References: 5

Cvelist
added 2023/01/30 12:00 a.m. · 24 views

CVE-2022-48006

An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php...

AI score 9.8 · EPSS 0.00935
Exploits: 1 · References: 1

Prion
added 2022/11/22 1:15 a.m. · 9 views

Unrestricted file upload

File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php...

CVSS 5.8 · AI score 7 · EPSS 0.00953
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2022/10/31 12:00 a.m. · 22 views

CVE-2022-3771 easyii CMS File Upload Management Upload.php file unrestricted upload

A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier...

CVSS 6.3 · AI score 9.8 · EPSS 0.00451
Exploits: 0 · References: 1

Cvelist
added 2022/07/15 6:10 a.m. · 23 views

CVE-2022-2419 URVE Web Manager upload.php unrestricted upload

A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has be...

CVSS 8 · AI score 8.1 · EPSS 0.12792
Exploits: 1 · References: 2

OSV
added 2022/05/26 6:15 p.m. · 2 views

CVE-2022-30508

DedeCMS v5.7.93 was discovered to contain an arbitrary file deletion vulnerability in upload.php via the delete parameter...

CVSS 6.5 · AI score 5.9 · EPSS 0.01076
Exploits: 1 · References: 1

NVD
added 2022/05/26 6:15 p.m. · 17 views

CVE-2022-30508

DedeCMS v5.7.93 was discovered to contain an arbitrary file deletion vulnerability in upload.php via the delete parameter...

CVSS 6.5 · EPSS 0.01076
Exploits: 1 · References: 1