Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Express-fileupload ProjectExpress-fileupload

3 matches found

CVE
CVEadded 2022/04/12 5:15 p.m.111 views

CVE-2022-27140

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload mid...

9.8CVSS9.6AI score0.00456EPSS
CVE
CVEadded 2022/04/12 5:15 p.m.107 views

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.

7.5CVSS7.5AI score0.00586EPSS
CVE
CVEadded 2020/07/30 9:15 a.m.53 views

CVE-2020-7699

This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.

9.8CVSS8.8AI score0.04089EPSS