15 matches found

RedhatCVE
added 2026/06/05 7:17 p.m., 6 views

CVE-2026-6555

The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and...

9.8 CVSS, 6.3 AI score, 0.00354 EPSS
Exploits 0, References 1

Snyk
added 2026/06/04 9:14 a.m., 6 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via insufficient validation of query parameters used in JSP file creation. An attacker can execute arbitrary code on the server by supplying crafted query parameters that cause a JSP file containing...

9.8 CVSS, 8.3 AI score, 0.66747 EPSS
Exploits 3, References 3

CVE
added 2026/04/21 7:54 p.m., 7 views

CVE-2026-40909

WWBN AVideo (pre-29.0) contains a path traversal in locale/save.php that concatenates $_POST['flag'] into the target path and writes $_POST['code'] to that path via fwrite(), allowing an attacker with admin access or CSRF to write arbitrary PHP files outside locale/ and achieve Remote Code Execut...

8.7 CVSS, 5.9 AI score, 0.00256 EPSS
Exploits 1, References 2, Affected Software 1

NVD
added 2026/04/10 6:16 p.m., 1 view

CVE-2026-32931

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded file retains its...

8.8 CVSS, 0.00279 EPSS
Exploits 0, References 3

RedhatCVE
added 2026/02/06 1:26 a.m., 6 views

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...

8.8 CVSS, 8.5 AI score, 0.00135 EPSS
Exploits 2, References 1

Vulnrichment
added 2026/02/05 12:00 a.m., 2 views

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...

6.1 AI score, 0.00135 EPSS
Exploits 2, References 2

RedhatCVE
added 2025/10/22 1:13 p.m., 12 views

CVE-2025-60500

QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a...

7.2 CVSS, 6.9 AI score, 0.00193 EPSS
Exploits 1, References 1

NVD
added 2025/10/21 5:15 p.m., 3 views

CVE-2025-60500

QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a...

7.2 CVSS, 0.00193 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/08/10 6:14 p.m., 10 views

CVE-2012-10036

Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/uploadfile.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. T...

9.3 CVSS, 7.7 AI score, 0.81635 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/08/10 6:14 p.m., 14 views

CVE-2012-10052

EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory...

9.3 CVSS, 8.2 AI score, 0.81635 EPSS
Exploits 0, References 1

Cvelist
added 2025/08/08 6:14 p.m., 10 views

CVE-2012-10045 XODA 0.4.5 Arbitrary PHP File Upload

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST...

9.3 CVSS, 0.81659 EPSS
Exploits 0, References 6

Tenable Nessus
added 2017/11/20 12:00 a.m., 110 views

GLSA-201711-15 : PHPUnit: Remote code execution

The remote host is affected by the vulnerability described in GLSA-201711-15 (PHPUnit: Remote code execution). When PHPUnit is installed in a production environment via composer and these modules are in a web accessible directory, the eval-stdin.php file in PHPUnit contains vulnerable statements tha...

9.8 CVSS, 8.6 AI score, 0.9421 EPSS
Exploits 19, References 2

exploitpack
added 2008/09/30 12:00 a.m., 18 views

eFront 3.5.1 build 2710 - Arbitrary File Upload

eFront 3.5.1 build 2710 - Arbitrary File Upload. eFront eNYe-Sec - www.enye-sec.org -- Description by the author's page -- eFront is an easy to use, visually attractive, SCORM compatible, eLearning and Human Capital Development...

0.3 AI score
Exploits 0

securityvulns
added 2005/04/08 12:00 a.m., 34 views

Macromedia Coldfusion MX application server information leak

Compiled JAVA pages are stored in the Web accessible directory...

3.2 AI score
Exploits 0, References 1, Affected Software 1

securityvulns
added 2000/08/07 12:00 a.m., 31 views

PCCS MySQL DB Admin Tool v1.2.3- Advisory

This advisory highlights a weakness in the file structure of the PCCS MySQL Database Admin Tool (http://PCCS-Linux.COM/PCCS). This web application can expose a MySQL administrator's password. Problem: The default install requires you to use a directory that is web accessible. Under that...

6.8 AI score
Exploits 0