150 matches found
CVE-2023-51643
Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
CVE-2023-51643 Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability
Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
Allegra Path Traversal Vulnerability
Allegra is a project management software for mid-sized organizations from Allegra. A path traversal vulnerability exists in Allegra, which stems from the uploadFile feature containing a directory traversal remote code execution vulnerability...
CVE-2024-9855 07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload
A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule1 of the component Module Plug-In Handler. The manipulation...
CVE-2024-9291
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the...
VulnCheck KEV: CVE-2024-13981
LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.do;.js.jsp endpoint. This flaw affects the LiveBOS Server component and allows unauthenticated remote attackers to upload...
GO-2022-1153 Casdoor arbitrary file deletion vulnerability via uploadFile function in github.com/casdoor/casdoor
Casdoor arbitrary file deletion vulnerability via uploadFile function in github.com/casdoor/casdoor...
CVE-2024-7706
A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclose...
MWCMS Code Issue Vulnerability
MWCMS is a content management system of China's CodeWing Network Technology Company. A code issue exists in MWCMS version 1.0.0, which is caused by an unrestricted file upload vulnerability in the upfile parameter of the /uploadfile.html page...
PT-2024-38276 · Baidu · Baidu Ueditor
Name of the Vulnerable Software and Affected Versions: Baidu UEditor version 1.4.3.3 Description: A vulnerability was found in Baidu UEditor, affecting an unknown part of the file "/ueditor/php/controller.php?action=uploadfile&encode=utf-8". The manipulation of the upfile argument leads to...
CVE-2024-6730 Nanjing Xingyuantu Technology SparkShop uploadFile unrestricted upload
A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely...
Nanjing Xingyuantu Technology SparkShop Code Issue Vulnerability
Nanjing Xingyuantu Technology SparkShop is an open source shopping mall from Nanjing Xingyuantu Technology, a Chinese company. A code issue vulnerability exists in Nanjing Xingyuantu Technology SparkShop 1.1.6 and earlier versions, which stems from the parameter file in the file...
CVE-2023-32166
D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
PT-2024-6688 · Abb · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT Enterprise versions through 3.08.01 ABB NEXUS Series versions through 3.08.01 ABB MATRIX Series versions through 3.08.01 Description: An improper input validation vulnerability exists in the uploadFile function within the...
CVE-2024-29273
There is Stored Cross-Site Scripting XSS in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document...
CVE-2024-29273
Affected software: dzzoffice 2.02.1 SC UTF8. Vulnerability: Stored XSS via an SVG payload uploaded to uploadfile/index.php, exploiting insufficient input filtering/escaping. Impact: could allow execution of arbitrary script in the victim’s browser (per CVE description; CVSS base 6.1, UI: Required...