Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8746 | 1 Filemanagerpro | 1 File Manager | 2024-10-17 | N/A | 8.8 HIGH |
| The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-9981 | 1 Formosasoft | 1 Ee-class | 2024-10-17 | N/A | 8.8 HIGH |
| The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. | |||||
| CVE-2024-9816 | 1 Codezips | 1 Tourist Management System | 2024-10-17 | N/A | 7.2 HIGH |
| A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9815 | 1 Codezips | 1 Tourist Management System | 2024-10-17 | N/A | 7.2 HIGH |
| A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-5278 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2024-10-17 | N/A | 6.1 MEDIUM |
| gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary extensions, including HTML files containing XSS payloads and Python files. This vulnerability, present in the latest version as of 20240310, could lead to stored XSS attacks and potentially result in remote code execution (RCE) on the server hosting the application. | |||||
| CVE-2024-9985 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | N/A | 9.8 CRITICAL |
| Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. | |||||
| CVE-2021-4443 | 2024-10-16 | N/A | 9.8 CRITICAL | ||
| The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code. | |||||
| CVE-2024-48034 | 2024-10-16 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Fliperrr Team Creates 3D Flipbook, PDF Flipbook allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through 1.2. | |||||
| CVE-2024-48027 | 2024-10-16 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through 1.0.2. | |||||
| CVE-2024-49242 | 2024-10-16 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5. | |||||
| CVE-2024-48035 | 2024-10-16 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Takayuki Imanishi ACF Images Search And Insert allows Upload a Web Shell to a Web Server.This issue affects ACF Images Search And Insert: from n/a through 1.1.4. | |||||
| CVE-2024-49260 | 2024-10-16 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. | |||||
| CVE-2024-47649 | 2024-10-16 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize.This issue affects Iconize: from n/a through 1.2.4. | |||||
| CVE-2024-47655 | 1 Shilpisoft | 1 Client Dashboard | 2024-10-16 | N/A | 8.8 HIGH |
| This vulnerability exists in the Shilpi Client Dashboard due to improper validation of files being uploaded other than the specified extension. An authenticated remote attacker could exploit this vulnerability by uploading malicious file, which could lead to remote code execution on targeted application. | |||||
| CVE-2024-9975 | 1 Rems | 1 Drag And Drop Image Upload | 2024-10-16 | N/A | 8.8 HIGH |
| A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-41217 | 1 Hybridsoftware | 1 Cloudflow | 2024-10-16 | N/A | 9.8 CRITICAL |
| Cloudflow contains a unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage. | |||||
| CVE-2022-24387 | 1 Smartertools | 1 Smartertrack | 2024-10-16 | 6.5 MEDIUM | 7.2 HIGH |
| With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010 | |||||
| CVE-2024-9794 | 1 Codezips | 1 Online Shopping Portal | 2024-10-15 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-31231 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2024-10-14 | N/A | 6.5 MEDIUM |
| Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65. | |||||
| CVE-2023-3295 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2024-10-14 | N/A | 8.8 HIGH |
| The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1.5.66 . This makes it possible for authenticated attackers, with contributor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The issue was partially patched in version 1.5.66 and fully patched in 1.5.67. CVE-2023-31231 appears to be a duplicate of this issue. | |||||