27 matches found
CVE-2025-59818
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...
CVE-2025-59818
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...
CVE-2025-59818
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...
CVE-2025-59818 Authenticated Remote Code Execution via the file name of an uploaded file
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...
CVE-2025-59818 Authenticated Remote Code Execution via the file name of an uploaded file
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...
CVE-2025-59818
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...
CVE-2025-59818
CVE-2025-59818 enables authenticated remote code execution by manipulating the file name of an uploaded file. The entry notes a high-severity flaw (CVSS v3.1 base score 10.0) with impact to confidentiality, integrity, and availability (all High). Concrete affected products, versions, root cause s...
EUVD-2025-206811
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...
PT-2026-5926
Name of the Vulnerable Software and Affected Versions affected versions not specified Description This issue enables authenticated attackers to execute arbitrary commands on the underlying system by manipulating the file name during file uploads. The vulnerability resides in the file upload...
CVE-2025-65473
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...
CVE-2025-65473
CVE-2025-65473 affects EasyImages 2.0 through 2.8.6, specifically the /admin/filer.php component. A flaw allows attackers with Administrator privileges to execute arbitrary code by injecting a crafted payload into an uploaded file name, resulting in arbitrary file rename. The Red Hat, CIRCL, NVD,...
EUVD-2023-2855
Malicious code in bioql PyPI...
EUVD-2022-39449
Malicious code in bioql PyPI...
CVE-2024-35203
Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting XSS via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system...
Linux Distros Unpatched Vulnerability : CVE-2024-23659
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js...
CVE-2024-25801
SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name not the content of a file...
CVE-2024-25801
SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name not the content of a file...
CVE-2023-48649
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name...
Design/Logic Flaw
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name...
CVE-2023-48649
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name...