127 matches found
CVE-2025-41061
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/uploadify...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper validation of user input in the dataAddonlayouts and dataAddonlayoutsexcept parameters within the /apprain/developer/addons/update/uploadify process. An attacker can execute arbitrary JavaScript cod...
CVE-2025-41061 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/uploadify...
CVE-2025-41061
appRain CMF 4.0.5 contains a stored authenticated XSS vulnerability in the /apprain/developer/addons/update/uploadify endpoint, caused by insufficient validation of user input in data[Addon][layouts] and data[Addon][layouts_except]. Public descriptions from CNVD/CNNVD and SNYK corroborate that th...
appRain CMF Cross-Site Scripting Vulnerability
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/uploadify endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...
PT-2025-35932
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5. Description: A stored authenticated Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...
CVE-2012-10052
EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory...
CVE-2012-10052 EGallery 1.2 Arbitrary PHP File Upload
EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory...
CVE-2012-10052
CVE-2012-10052 affects EGallery (version 1.2). The vulnerability is an unauthenticated arbitrary file upload in the uploadify.php script, where the app does not validate file types or require authentication, allowing remote attackers to upload PHP files into the web-accessible egallery/ directory...
PT-2025-32405 · Gallery · Gallery
Name of the Vulnerable Software and Affected Versions: EGallery version 1.2 Description: EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application does not validate file types or enforce authentication, allowing remote...
CVE-2012-10027
WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party uploadify.php script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution...
VulnCheck KEV: CVE-2023-2648
A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...
CVE-2023-2648
A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...
PT-2023-20671 · Unknown +1 · Weaver E-Office +1
Name of the Vulnerable Software and Affected Versions: Weaver E-Office version 9.5 Description: A critical issue has been found, affecting an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the Filedata argument leads to unrestricted upload. It is possible to...
Weaver E-Office Code Issue Vulnerability
Weaver E-Office is a collaborative office system from China's Panavision Technologies Weaver. A code issue vulnerability exists in Weaver E-Office version 9.5, which stems from a problem with the file /inc/jquery/uploadify/uploadify.php, where manipulation of the parameter Filedata can result in...
File upload vulnerability in the Uploadify page of the TPshop open source mall admin back end
TPshop open source mall is a shop system developed with the latest version of ThinkPHP. A file upload vulnerability exists in the Uploadify page of the TPshop open source mall admin back end. Attackers can use this vulnerability to upload a webshell and gain server privileges...
File upload vulnerability in the Uploadify page of the TPshop open source mall merchant admin back end
TPshop open source mall is a shop system developed with the latest version of ThinkPHP. A file upload vulnerability exists in the Uploadify page of the TPshop open source mall merchant admin back end. Attackers can use this vulnerability to upload a webshell and gain server privileges...