157 matches found
CVE-2025-2031
A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...
CVE-2023-51643
Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
CVE-2023-51643
Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
CVE-2023-51643
Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
CVE-2023-51643 Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability
Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
CVE-2023-51643 Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability
Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
Allegra 路径遍历漏洞
Allegra is a project management software for mid-sized organizations from Allegra. A path traversal vulnerability exists in Allegra, which stems from the uploadFile feature containing a directory traversal remote code execution vulnerability...
CVE-2024-9855 07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload
A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule1 of the component Module Plug-In Handler. The manipulation...
CVE-2024-9855 07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload
A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule1 of the component Module Plug-In Handler. The manipulation...
CVE-2024-9291
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the...
VulnCheck KEV: CVE-2024-13981
LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.do;.js.jsp endpoint. This flaw affects the LiveBOS Server component and allows unauthenticated remote attackers to upload...
GO-2022-1153 Casdoor arbitrary file deletion vulnerability via uploadFile function in github.com/casdoor/casdoor
Casdoor arbitrary file deletion vulnerability via uploadFile function in github.com/casdoor/casdoor...
CVE-2024-7706
A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclose...
MWCMS 代码问题漏洞
MWCMS is a content management system of China's CodeWing Network Technology Company. A code issue exists in MWCMS version 1.0.0, which is caused by an unrestricted file upload vulnerability in the upfile parameter of the /uploadfile.html page...
PT-2024-38276 · Baidu · Baidu Ueditor
Name of the Vulnerable Software and Affected Versions: Baidu UEditor version 1.4.3.3 Description: A vulnerability was found in Baidu UEditor, affecting an unknown part of the file "/ueditor/php/controller.php?action=uploadfile&encode=utf-8". The manipulation of the upfile argument leads to...
The vulnerability in the upload.php script of the UploadFile class in the Ruijie EG-2000SE software library allows attackers to upload arbitrary files.
The vulnerability of the upload.php script in the UploadFile class of the Ruijie EG-2000SE gateway software relates to the ability to upload files of a dangerous type without restrictions. Exploiting this vulnerability allows an attacker to remotely upload any type of files...
CVE-2024-6730 Nanjing Xingyuantu Technology SparkShop uploadFile unrestricted upload
A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely...
Nanjing Xingyuantu Technology SparkShop Code Issue Vulnerability
Nanjing Xingyuantu Technology SparkShop is an open source shopping mall from Nanjing Xingyuantu Technology, a Chinese company. A code issue vulnerability exists in Nanjing Xingyuantu Technology SparkShop 1.1.6 and earlier versions, which stems from the parameter file in the file...
CVE-2023-32166
D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2023-32166
D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the...