22 matches found

CVE
added 2026/04/21 7:54 p.m. | 5 views

CVE-2026-40909

WWBN AVideo (pre-29.0) contains a path traversal in locale/save.php that concatenates $_POST['flag'] into the target path and writes $_POST['code'] to that path via fwrite(), allowing an attacker with admin access or CSRF to write arbitrary PHP files outside locale/ and achieve Remote Code Execut...

CVSS 8.7 | AI score 5.9 | EPSS 0.0019
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2026/04/10 6:16 p.m. | 1 views

CVE-2026-32931

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded file retains its...

CVSS 8.8 | EPSS 0.00279
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/10 12:0 a.m. | 1 views

PT-2026-32010

Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 1.11.38 and prior to 2.0.0-RC.3. Description: Chamilo LMS, a learning management system, contains a file upload issue in the exercise sound upload function. An authenticated teacher can upload a PHP webshell by...

CVSS 7.5 | AI score 5.9 | EPSS 0.00279
Exploits: 0 | References: 6
Snyk
added 2026/03/25 9:28 p.m. | 0 views

Arbitrary File Upload

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Arbitrary File Upload through the downloadVideoFromDownloadURL function. A user with upload permissions can execute arbitrary code on the server by uploading a...

CVSS 8.8 | AI score 6.1 | EPSS 0.00067
Exploits: 1 | References: 2
RedhatCVE
added 2026/02/06 1:26 a.m. | 5 views

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...

CVSS 8.8 | AI score 8.5 | EPSS 0.00116
Exploits: 2 | References: 1
Vulnrichment
added 2026/02/05 12:0 a.m. | 2 views

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...

AI score 6.1 | EPSS 0.00116
Exploits: 2 | References: 2
RedhatCVE
added 2025/10/22 1:13 p.m. | 3 views

CVE-2025-60500

QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a...

CVSS 7.2 | AI score 6.9 | EPSS 0.00193
Exploits: 1 | References: 1
NVD
added 2025/10/21 5:15 p.m. | 2 views

CVE-2025-60500

QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a...

CVSS 7.2 | EPSS 0.00193
Exploits: 1 | References: 1
RedhatCVE
added 2025/08/10 6:14 p.m. | 4 views

CVE-2012-10036

Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/uploadfile.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. T...

CVSS 9.3 | AI score 7.7 | EPSS 0.81635
Exploits: 0 | References: 1
RedhatCVE
added 2025/08/10 6:14 p.m. | 5 views

CVE-2012-10052

EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory...

CVSS 9.3 | AI score 8.2 | EPSS 0.81635
Exploits: 0 | References: 1
Cvelist
added 2025/08/08 6:14 p.m. | 8 views

CVE-2012-10045 XODA 0.4.5 Arbitrary PHP File Upload

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST...

CVSS 9.3 | EPSS 0.81659
Exploits: 0 | References: 6
0day.today
added 2021/03/08 12:0 a.m. | 74 views

VMware vCenter Server File Upload / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren'...

CVSS 9.8 | AI score 9.9 | EPSS 0.93821
Exploits: 47
Packet Storm
added 2021/03/08 12:0 a.m. | 1063 views

VMware vCenter Server File Upload / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Unauthenticated OVA File Upload RCE', 'Description' = %q This module exploits an unauthenticated OVA file upload and path...

CVSS 10 | AI score 0.3 | EPSS 0.93821
Exploits: 47
Tenable Nessus
added 2017/11/20 12:0 a.m. | 110 views

GLSA-201711-15 : PHPUnit: Remote code execution

The remote host is affected by the vulnerability described in GLSA-201711-15 (PHPUnit: Remote code execution). When PHPUnit is installed in a production environment via composer and these modules are in a web accessible directory, the eval-stdin.php file in PHPUnit contains vulnerable statements tha...

CVSS 9.8 | AI score 8.6 | EPSS 0.9421
Exploits: 17 | References: 2
seebug.org
added 2014/07/01 12:0 a.m. | 26 views

Allaire ColdFusion Server 4.0/4.0.1 CFCACHE Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/917/info ColdFusion 4.x includes a function called CFCACHE. This function improves server performance by caching the HTML output of processed CFM pages. When the CFCACHE tag is used in a CFM page, it creates temporary...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2010/09/17 12:0 a.m. | 95 views

OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution

The third-party Open Flash Chart component included with the version of OpenX hosted on the remote web server allows an unauthenticated attacker to upload arbitrary files to the affected system, by default in a web-accessible directory. While Nessus has not verified this, it is likely that an...

CVSS 7.5 | AI score 5.9 | EPSS 0.91085
Exploits: 8 | References: 4
exploitpack
added 2008/09/30 12:0 a.m. | 18 views

eFront 3.5.1 build 2710 - Arbitrary File Upload

eFront 3.5.1 build 2710 - Arbitrary File Upload. eFront eNYe-Sec - www.enye-sec.org -- Description by the author's page -- eFront is an easy to use, visually attractive, SCORM compatible, eLearning and Human Capital Development...

AI score 0.3
Exploits: 0
securityvulns
added 2005/04/08 12:0 a.m. | 34 views

Macromedia Coldfusion MX application server information leak

Compiled JAVA pages are stored in the Web accessible directory...

AI score 3.2
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2000/12/19 5:0 a.m. | 12 views

CVE-2000-1161

The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases...

AI score 6.9 | EPSS 0.00654
Exploits: 0 | References: 2
securityvulns
added 2000/08/07 12:0 a.m. | 30 views

PCCS MySQL DB Admin Tool v1.2.3- Advisory

This advisory highlights a weakness in the file structure of the PCCS MySQL Database Admin Tool (http://PCCS-Linux.COM/PCCS). This web application can expose a mySQL administrator's password. Problem: The default install requires you to use a directory that is web accessible. Under that...

AI score 6.8
Exploits: 0