Lucene search
K

157 matches found

osv
osv
added 2025/03/06 4:15 p.m.3 views

CVE-2025-2031

A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...

7.6CVSS5.5AI score
Exploits0References4
nvd
nvd
added 2024/11/22 8:15 p.m.21 views

CVE-2023-51643

Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...

7.2CVSS0.02089EPSS
Exploits0References2
osv
osv
added 2024/11/22 8:15 p.m.5 views

CVE-2023-51643

Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...

4.7CVSS6.3AI score0.02089EPSS
Exploits0References2
attackerkb
attackerkb
added 2024/11/22 8:15 p.m.2 views

CVE-2023-51643

Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...

7.2CVSS6.3AI score0.02089EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/11/22 8:5 p.m.18 views

CVE-2023-51643 Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability

Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...

7.2CVSS7.5AI score0.02089EPSS
Exploits0References2
cvelist
cvelist
added 2024/11/22 8:5 p.m.30 views

CVE-2023-51643 Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability

Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...

7.2CVSS0.02089EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/11/22 12:0 a.m.5 views

Allegra 路径遍历漏洞

Allegra is a project management software for mid-sized organizations from Allegra. A path traversal vulnerability exists in Allegra, which stems from the uploadFile feature containing a directory traversal remote code execution vulnerability...

7.2CVSS7.5AI score0.02089EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/10/11 12:31 p.m.12 views

CVE-2024-9855 07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule1 of the component Module Plug-In Handler. The manipulation...

5.8CVSS4.8AI score0.00597EPSS
Exploits1References4
cvelist
cvelist
added 2024/10/11 12:31 p.m.23 views

CVE-2024-9855 07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule1 of the component Module Plug-In Handler. The manipulation...

5.8CVSS0.00597EPSS
Exploits1References4
osv
osv
added 2024/09/27 9:15 p.m.5 views

CVE-2024-9291

A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the...

5.4CVSS3.8AI score0.00366EPSS
Exploits1References5
vulncheck_kev
vulncheck_kev
added 2024/08/23 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-13981

LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.do;.js.jsp endpoint. This flaw affects the LiveBOS Server component and allows unauthenticated remote attackers to upload...

10CVSS5.9AI score0.00844EPSS
Exploits0References1
osv
osv
added 2024/08/21 4:3 p.m.33 views

GO-2022-1153 Casdoor arbitrary file deletion vulnerability via uploadFile function in github.com/casdoor/casdoor

Casdoor arbitrary file deletion vulnerability via uploadFile function in github.com/casdoor/casdoor...

8.1CVSS8.1AI score0.00859EPSS
Exploits1References5
osv
osv
added 2024/08/12 11:15 p.m.4 views

CVE-2024-7706

A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclose...

2.7CVSS5.5AI score0.00413EPSS
Exploits1References4
cnnvd
cnnvd
added 2024/08/12 12:0 a.m.5 views

MWCMS 代码问题漏洞

MWCMS is a content management system of China's CodeWing Network Technology Company. A code issue exists in MWCMS version 1.0.0, which is caused by an unrestricted file upload vulnerability in the upfile parameter of the /uploadfile.html page...

5.8CVSS5.3AI score0.00413EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2024/08/01 12:0 a.m.5 views

PT-2024-38276 · Baidu · Baidu Ueditor

Name of the Vulnerable Software and Affected Versions: Baidu UEditor version 1.4.3.3 Description: A vulnerability was found in Baidu UEditor, affecting an unknown part of the file "/ueditor/php/controller.php?action=uploadfile&encode=utf-8". The manipulation of the upfile argument leads to...

6.1CVSS4.5AI score0.00453EPSS
Exploits1References8
bdu_fstec
bdu_fstec
added 2024/07/31 12:0 a.m.6 views

The vulnerability in the upload.php script of the UploadFile class in the Ruijie EG-2000SE software library allows attackers to upload arbitrary files.

The vulnerability of the upload.php script in the UploadFile class of the Ruijie EG-2000SE gateway software relates to the ability to upload files of a dangerous type without restrictions. Exploiting this vulnerability allows an attacker to remotely upload any type of files...

6.5CVSS5.5AI score0.00442EPSS
Exploits0References3
cvelist
cvelist
added 2024/07/14 1:31 a.m.36 views

CVE-2024-6730 Nanjing Xingyuantu Technology SparkShop uploadFile unrestricted upload

A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely...

6.5CVSS0.00427EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/07/14 12:0 a.m.8 views

Nanjing Xingyuantu Technology SparkShop Code Issue Vulnerability

Nanjing Xingyuantu Technology SparkShop is an open source shopping mall from Nanjing Xingyuantu Technology, a Chinese company. A code issue vulnerability exists in Nanjing Xingyuantu Technology SparkShop 1.1.6 and earlier versions, which stems from the parameter file in the file...

6.5CVSS7AI score0.00427EPSS
Exploits0References5
osv
osv
added 2024/05/03 2:15 a.m.3 views

CVE-2023-32166

D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.1CVSS6AI score0.74302EPSS
Exploits0References2
attackerkb
attackerkb
added 2024/05/03 2:15 a.m.3 views

CVE-2023-32166

D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.1CVSS6AI score0.74302EPSS
Exploits0References3
Rows per page
Query Builder