2151 matches found
CVE-2026-61873
Grav before 9.1.8 contains an arbitrary file write vulnerability in the Form plugin's process.save.filename parameter, which is validated against path traversal before Twig processing but never re-validated after rendering. Attackers can submit form data containing path traversal sequences that a...
CVE-2026-61873 Grav before 9.1.8 Arbitrary File Write via Twig-Processed Filename
Grav before 9.1.8 contains an arbitrary file write vulnerability in the Form plugin's process.save.filename parameter, which is validated against path traversal before Twig processing but never re-validated after rendering. Attackers can submit form data containing path traversal sequences that a...
CVE-2026-58409 ChurchCRM: Authenticated Remote Code Execution (RCE) via Malicious Plugin Upload
ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution RCE on the server by installing a malicious plugin ZIP archive containing a PHP webshell. The application explicitly includes 'php' in its ALLOWEDEXTENSIO...
CVE-2026-58409
ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution RCE on the server by installing a malicious plugin ZIP archive containing a PHP webshell. The application explicitly includes 'php' in its ALLOWEDEXTENSIO...
CVE-2026-58409 ChurchCRM: Authenticated Remote Code Execution (RCE) via Malicious Plugin Upload
ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution RCE on the server by installing a malicious plugin ZIP archive containing a PHP webshell. The application explicitly includes 'php' in its ALLOWEDEXTENSIO...
Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution
Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...
CVE-2024-14037
Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...
CVE-2022-50973
Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...
CVE-2022-50973 Yonyou KSOA 9.0 Unauthenticated File Upload RCE via ImageUpload Servlet
Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...
EUVD-2022-56009
Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...
CVE-2022-50973
Summary: CVE-2022-50973 affects Yonyou KSOA 9.0. The issue is an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet. Exploitation requires no authentication and relies on attacker-controlled filepath and filename parameters, with no validation of file t...
CVE-2022-50973
Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...
EUVD-2024-55646
Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...
CVE-2024-14037
CVE-2024-14037 describes an unauthenticated arbitrary file upload vulnerability in Redsea Cloud eHR via the PtFjk.mob servlet endpoint. An attacker can submit a multipart POST containing a JSP webshell disguised with a spoofed image/jpeg Content-Type, bypassing extension/MIME checks, resulting in...
CVE-2024-14037
Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...
PT-2026-55262
Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description An unauthenticated arbitrary file upload issue exists in the com.sksoft.bill.ImageUpload servlet. Unauthenticated attackers can upload arbitrary files by submitting a POST request to the endpoint without...
CVE-2026-57517
Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...
PT-2026-54885
Name of the Vulnerable Software and Affected Versions Control Web Panel versions prior to 0.9.8.1225 Description An unauthenticated remote attacker can execute arbitrary SQL queries due to improper input validation and unsafe SQL query construction. This issue occurs at the 'user' endpoint throug...
CVE-2026-54390
JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive...
CVE-2026-54390 JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer
JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive...