13 matches found
CVE-2026-1879
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...
EUVD-2026-17851
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...
CVE-2026-1879
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...
CVE-2026-1879
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...
CVE-2026-1879 Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...
PT-2026-29508
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...
Dataverse 代码问题漏洞
Dataverse is an open-source research data management and sharing platform developed by the Institute for Quantitative Social Science. Versions of Dataverse 6.8 and earlier contained code vulnerabilities. These vulnerabilities stemmed from operations involving the parameter uploadLogo in the...
PT-2026-8092
@VulmonFeeds 🚨 CVE-2025-27928 is a vulnerability associated with Link Power OA, specifically an arbitrary file upload flaw in the UpLoadFile/uploadLogo endpoint, as identified in NSFOCUS NIPS/IPS rule updates. CVE Vulnerability...
CVE-2024-29858
In MISP before 2.4.187, uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload...
CVE-2024-29858
In MISP before 2.4.187, uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload...
CVE-2024-25842
An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" prestasalesmanager module for PrestaShop before version 9.0, allows remote attackers to escalate privilege and obtain sensitive information via the uploadLogo and postProcess methods...
CVE-2024-25842
An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" prestasalesmanager module for PrestaShop before version 9.0, allows remote attackers to escalate privilege and obtain sensitive information via the uploadLogo and postProcess methods...
CVE-2024-25842
An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" prestasalesmanager module for PrestaShop before version 9.0, allows remote attackers to escalate privilege and obtain sensitive information via the uploadLogo and postProcess methods...