150 matches found

Vulnrichment
added 2024/03/22 12:0 a.m. · 5 views

CVE-2024-29273

There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document...

5.2 AI score · 0.00106 EPSS
Exploits: 1 · References: 1
OSV
added 2024/02/27 1:15 a.m. · 0 views

CVE-2024-25166

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

6.1 CVSS · 6.1 AI score
Exploits: 0 · References: 1
NVD
added 2024/02/27 1:15 a.m. · 8 views

CVE-2024-25166

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

6.1 CVSS · 7 AI score · 0.00257 EPSS
Exploits: 0 · References: 1
Prion
added 2024/02/27 1:15 a.m. · 16 views

Cross site scripting

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

7.2 AI score · 0.00257 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/02/27 12:0 a.m. · 26 views

CVE-2024-25166

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

7.3 AI score · 0.00257 EPSS
Exploits: 0 · References: 1
CNNVD
added 2024/02/27 12:0 a.m. · 1 views

71CMS Security Breach

71CMS is an open-source smart party building system from xiaocheng-keji. 71CMS v.1.0.0 has a security vulnerability. Attackers can use this vulnerability to execute arbitrary code via the uploadfile parameter in the controller.php file...

6.1 CVSS · 7.7 AI score · 0.00257 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/02/26 12:0 a.m. · 2 views

PT-2024-20794 · 71Cms · 71Cms

Name of the Vulnerable Software and Affected Versions: 71CMS version 1.0.0 Description: The issue allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file. This is a Cross Site Scripting vulnerability. Recommendations: For 71CMS version...

6.1 CVSS · 6.9 AI score · 0.00257 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2024/02/09 12:0 a.m. · 1 views

PT-2024-14219 · Allegra · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this issue, the existing authentication...

7.2 CVSS · 7.8 AI score · 0.0154 EPSS
Exploits: 0 · References: 5
Zero Day Initiative
added 2024/02/09 12:0 a.m. · 13 views

Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the uploadFile method. The issue...

7.2 CVSS · 7.8 AI score · 0.0154 EPSS
Exploits: 0 · References: 1
NVD
added 2024/01/30 3:15 p.m. · 7 views

CVE-2024-1034

A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclose...

9.8 CVSS · 7.9 AI score · 0.00098 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2024/01/30 2:31 p.m. · 11 views

CVE-2024-1034 openBI File.php uploadFile unrestricted upload

A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclose...

7.5 CVSS · 6.9 AI score · 0.00098 EPSS
Exploits: 0 · References: 3
CNNVD
added 2024/01/30 12:0 a.m. · 0 views

openBI Security Vulnerabilities

openBI is a big data visualization solution from openBI Inc. A security vulnerability exists in openBI version 1.0.8, which stems from an unrestricted file upload in the uploadFile method of the /application/index/controller/File.php file...

9.8 CVSS · 6.9 AI score · 0.00098 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2024/01/30 12:0 a.m. · 1 views

PT-2024-16199 · Openbi · Openbi

Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8 Description: A critical vulnerability was found in openBI, affecting the uploadFile function of the file /application/index/controller/File.php. This leads to unrestricted upload and can be initiated remotely. The...

9.8 CVSS · 7.3 AI score · 0.00098 EPSS
Exploits: 0 · References: 8
OSV
added 2024/01/26 7:15 p.m. · 0 views

CVE-2024-0939

A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument fileupload leads to unrestricted upload. The attack can be initiated...

9.8 CVSS · 5.4 AI score
Exploits: 0 · References: 4
Positive Technologies
added 2024/01/26 12:0 a.m. · 3 views

PT-2024-15924 · Beijing Baichuo · Beijing Baichuo Smart S210 Management Platform

Name of the Vulnerable Software and Affected Versions: Beijing Baichuo Smart S210 Management Platform versions up to 20240117 Description: A critical vulnerability has been found in the Beijing Baichuo Smart S210 Management Platform. The issue affects the file /Tool/uploadfile.php, where the...

9.8 CVSS · 6.5 AI score · 0.87521 EPSS
Exploits: 1 · References: 8
Cvelist
added 2023/12/24 9:0 p.m. · 19 views

CVE-2023-7091 Dreamer CMS uploadFile unrestricted upload

A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to...

6.5 CVSS · 8.9 AI score · 0.00353 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2023/12/24 12:0 a.m. · 3 views

PT-2023-32866 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.1.3 Description: A vulnerability was found in the software, affecting unknown code of the file /upload/uploadFile. The manipulation of the file argument leads to unrestricted upload. The attack can be initiated remotely...

8.8 CVSS · 6.6 AI score · 0.00353 EPSS
Exploits: 1 · References: 8
OSV
added 2023/12/07 9:15 p.m. · 1 views

CVE-2023-6576

A vulnerability was found in Byzoro S210 up to 20231123. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php of the component HTTP POST Request Handler. The manipulation of the argument fileupload leads to unrestricted upload. The attack can ...

8.8 CVSS · 5.5 AI score
Exploits: 0 · References: 4
Veracode
added 2023/11/15 8:7 a.m. · 9 views

Remote Code Execution (RCE)

guest-entries is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the uploadFile function in GuestEntryController.php, as there are no checks for the file type being uploaded. This allows attackers to upload and potentially execute malicious PHP files...

8.8 CVSS · 8.1 AI score · 0.00643 EPSS
Exploits: 0 · References: 3 · Affected Software: 2
CNNVD
added 2023/10/10 12:0 a.m. · 1 views

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Code Issue Vulnerability

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform is a Multi-Service Secure Gateway Intelligent Management Platform from Beijing Baichuo, China. Byzro Networks Smart S45F Multi-Service Secure Gateway Intelligent Management Platform 20230928 and earlier versio...

8.8 CVSS · 7.2 AI score · 0.00064 EPSS
Exploits: 1 · References: 5