PT-2023-5604 · D Link · D-Link Dar-8000 +1

Name of the Vulnerable Software and Affected Versions: D-Link DAR-7000 and DAR-8000 up to 20151231 Description: A critical vulnerability affects the file /Tool/uploadfile.php, allowing unrestricted upload through the manipulation of the file upload argument. This can be initiated remotely,...

CVE-2023-3625

A vulnerability classified as critical was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. This vulnerability affects unknown code of the file /Duty/AjaxHandle/Write/UploadFile.ashx of the component Duty Write-UploadFile. The manipulation ...

PT-2023-25494 · Suncreate · Suncreate Mountain Flood Disaster Prevention Monitoring/Early Warning System

Name of the Vulnerable Software and Affected Versions: Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706 Description: A critical issue was discovered, affecting the /Duty/AjaxHandle/Write/UploadFile.ashx file of the Duty Write-UploadFile component. Th...

Information Disclosure

github.com/answerdev/answer is vulnerable to Information Disclosure. The vulnerability exists due to improper validation in the filePath attribute in the uploadFile function of upload.go, which allows an attacker to access the uploaded image and extract the EXIF data...

PT-2023-12173 · Kitecms · Kitecms

Name of the Vulnerable Software and Affected Versions: KiteCMS version 1.1 Description: A File Upload issue allows a remote attacker to execute arbitrary code via the uploadFile function. This enables the attacker to potentially gain control over the system. Recommendations: For KiteCMS version...

KiteCMS 代码问题漏洞

KiteCMS is a website CMS. A security vulnerability exists in KiteCMS v.1.1. An attacker can exploit this vulnerability to execute arbitrary code via the uploadFile function...

CVE-2023-1484

A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this...

PT-2023-17021 · Xzjie Cms · Xzjie Cms

Name of the Vulnerable Software and Affected Versions: xzjie cms versions up to 1.0.3 Description: A critical issue affects the processing of the file "/api/upload". The manipulation of the uploadFile argument leads to unrestricted upload. The attack can be initiated remotely. Recommendations: Fo...

xzjie cms 代码问题漏洞

xzjie cms is xzjie individual developers of the cloud tower guest - cabin content publishing system. A code issue vulnerability exists in xzjie cms 1.0.3 and earlier versions, which stems from a problem with files/api/upload, where manipulation of the parameter uploadFile can lead to unrestricted...

Casdoor arbitrary file deletion vulnerability via uploadFile function

Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function...

GHSA-F93F-55C2-8C89 Casdoor arbitrary file deletion vulnerability via uploadFile function

Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function...

CVE-2022-44942

Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function...

CVE-2022-44942

Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function...

Arbitrary file deletion

Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function...

CVE-2022-44942

Casdoor prior to v1.126.1 is affected by CVE-2022-44942 due to an arbitrary file deletion vulnerability in the uploadFile function. The underlying issue allows an attacker with network access and low privileges (no user interaction required) to delete files, with an overall impact on integrity an...

CVE-2022-44942

Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function...

PT-2022-27342 · Casdoor · Casdoor

Name of the Vulnerable Software and Affected Versions: Casdoor versions prior to 1.126.1 Description: The issue is related to an arbitrary file deletion vulnerability. This vulnerability can be exploited via the uploadFile function. Recommendations: For versions prior to 1.126.1, update to versio...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, a U.S. company. Google Android is vulnerable to an information disclosure vulnerability caused by the presence of an obfuscated agent in the uploadFile function in FileUploadServiceImpl.java that leads to incorrect file...

Cross site scripting

Cross-Site Scripting XSS vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task...

Netscaut nGeniusONE UploadFile Function Cross-Site Scripting Vulnerability

Netscout NgeniusOne is a centralized application and network performance management solution from Netscout, Inc. A cross-site scripting vulnerability exists in Netscaut nGeniusONE in version 6.3.0 build 1196 and earlier, which stems from a lack of user input validation and filtering of input data...