6 matches found
CVE-2025-12563
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2025-12563 Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Upload
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level acce...
File upload vulnerability in OFCMS backend ueditor uploadVideo
OFCMS is a content management system developed based on java technology. A file upload vulnerability exists in the OFCMS backend ueditor uploadVideo, which can be exploited by an attacker to upload a webshell and gain access to the server, posing an information leakage and operational security ri...
OFCMS backend ueditor uploadVideo file upload vulnerability
OFCMS is a content management system based on Java technology. A backend ueditor uploadVideo file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files that fails to take into account file.jsp::$DATA in the...
CVE-2019-9613
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadVideo URI...
Mini File Host 1.x - Arbitrary .PHP File Upload
Mini File Host 1.x - Arbitrary .PHP File Upload --------------------------------------------------------- Portal Name: Mini File Host Version: All version Vendor : http://www.galaxyscripts.com Dork: inurl:index.php?page=img Powered By Mini File Host Author : PouyaServer , [email protected]...