157 matches found
PT-2024-6688 · Abb · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT Enterprise versions through 3.08.01 ABB NEXUS Series versions through 3.08.01 ABB MATRIX Series versions through 3.08.01 Description: An improper input validation vulnerability exists in the uploadFile function within the...
CVE-2024-29273
There is Stored Cross-Site Scripting XSS in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document...
CVE-2024-29273
There is Stored Cross-Site Scripting XSS in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document...
CVE-2024-29273
There is Stored Cross-Site Scripting XSS in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document...
CVE-2024-29273
Affected software: dzzoffice 2.02.1 SC UTF8. Vulnerability: Stored XSS via an SVG payload uploaded to uploadfile/index.php, exploiting insufficient input filtering/escaping. Impact: could allow execution of arbitrary script in the victim’s browser (per CVE description; CVSS base 6.1, UI: Required...
CVE-2024-25166
Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...
CVE-2024-25166
Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...
Cross site scripting
Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...
CVE-2024-25166
Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...
71CMS Security Breach
71CMS is xiaocheng-keji open source a smart party building system. 71CMS v.1.0.0 version has a security vulnerability. Attackers use this vulnerability to execute arbitrary code via the uploadfile parameter in the controller.php file...
PT-2024-20794 · 71Cms · 71Cms
Name of the Vulnerable Software and Affected Versions: 71CMS version 1.0.0 Description: The issue allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file. This is a Cross Site Scripting vulnerability. Recommendations: For 71CMS version...
Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the uploadFile method. The issue...
PT-2024-14219 · Allegra · Allegra
Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this issue, the existing authentication...
CVE-2024-1034
A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclose...
CVE-2024-1034 openBI File.php uploadFile unrestricted upload
A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclose...
openBI Security Vulnerabilities
openBI is a big data visualization solution from openBI Inc. A security vulnerability exists in openBI version 1.0.8, which stems from an unrestricted file upload in the uploadFile method of the /application/index/controller/File.php file...
PT-2024-16199 · Openbi · Openbi
Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8 Description: A critical vulnerability was found in openBI, affecting the uploadFile function of the file /application/index/controller/File.php. This leads to unrestricted upload and can be initiated remotely. The...
CVE-2024-0939
A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument fileupload leads to unrestricted upload. The attack can be initiated...
PT-2024-15924 · Beijing Baichuo · Beijing Baichuo Smart S210 Management Platform
Name of the Vulnerable Software and Affected Versions: Beijing Baichuo Smart S210 Management Platform versions up to 20240117 Description: A critical vulnerability has been found in the Beijing Baichuo Smart S210 Management Platform. The issue affects the file /Tool/uploadfile.php, where the...
CVE-2023-7091 Dreamer CMS uploadFile unrestricted upload
A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to...