
10 matches found

RedhatCVE
added 2026/01/09 9:25 a.m. | 2 views

CVE-2023-4988

A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00152
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-20792

Malware in sbrugna...

CVSS: 8.1 | AI score: 8.1 | EPSS: 0.0087
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 3:17 a.m. | 1 views

CVE-2023-27757

An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.0076
Exploits: 1 | References: 1

Snyk
added 2025/04/29 9:31 p.m. | 3 views

Arbitrary File Upload

Overview showdoc/showdoc is a tool for an IT team to share documents online. Affected versions of this package are vulnerable to Arbitrary File Upload due to the uploadImg method in the PageController class, which improperly validates file extensions. An attacker can execute arbitrary code by...

CVSS: 9.9 | AI score: 7.8 | EPSS: 0.0203
Exploits: 0 | References: 2

Cvelist
added 2025/03/17 5:31 a.m. | 11 views

CVE-2025-2363 lenve VBlog ArticleController.java uploadImg path traversal

A vulnerability classified as critical has been found in lenve VBlog up to 1.0.0. Affected is the function uploadImg of the file blogserver/src/main/java/org/sang/controller/ArticleController.java. The manipulation of the argument filename leads to path traversal. It is possible to launch the...

CVSS: 6.5 | EPSS: 0.00429
Exploits: 0 | References: 4

CNNVD
added 2024/02/08 12:0 a.m. | 1 views

Novel-Plus Code Issue Vulnerability

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A code issue vulnerability exists in Novel-Plus v4.3.0-RC1 and earlier versions, which stems from an arbitrary file upload vulnerability in the component com.java2nb.system.controller.SysUserController: uploadImg...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00098
Exploits: 0 | References: 3

NVD
added 2023/09/15 4:15 p.m. | 8 views

CVE-2023-4988

A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00152
Exploits: 0 | References: 2

Prion
added 2021/06/15 8:15 p.m. | 7 views

Directory traversal

LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter...

CVSS: 5.5 | AI score: 7.8 | EPSS: 0.0087
Exploits: 1 | References: 1 | Affected Software: 1

CNVD
added 2016/11/13 12:0 a.m. | 1 views

Multiple XSS Vulnerabilities in ZZCMS 7.2

ZZCMS is an enterprise website builder. ZZCMS 7.2 suffers from an XSS vulnerability in the /inc/top.php page and the Uploadimgform.php page. An attacker can exploit the vulnerability to inject arbitrary Web script or HTML...

AI score: 6.4
Exploits: 0

Packet Storm
added 2012/06/03 12:0 a.m. | 34 views

F2blog Shell Upload

Name: f2blog Remote File Uploader RFU Sh3ll Google Dork: inurl:/plugins/expose4/uploadimg.php Type: PhP Author: MR.XpR Tested On: Linux Backtrack 1.Upload shell ----- Sh3ll.php.jpg 2.load shell ------- http://patch/components/comexpose/expose/img/shell.php.jpg Example:...

AI score: 7.4
Exploits: 0