Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8294 | 1 Feehi | 1 Feehicms | 2024-08-30 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLink[image] leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8295 | 1 Feehi | 1 Feehicms | 2024-08-30 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8296 | 1 Feehi | 1 Feehicms | 2024-08-30 | N/A | 9.8 CRITICAL |
| A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6595 | 1 Gitlab | 1 Gitlab | 2024-08-30 | N/A | 5.3 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data. | |||||
| CVE-2024-22550 | 1 Shopsite | 1 Shopsite | 2024-08-29 | N/A | 6.1 MEDIUM |
| An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. | |||||
| CVE-2024-34913 | 1 Technocking | 1 R-pan-scaffolding | 2024-08-29 | N/A | 5.4 MEDIUM |
| An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. | |||||
| CVE-2023-48031 | 1 Opensupports | 1 Opensupports | 2024-08-29 | N/A | 9.8 CRITICAL |
| OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation. | |||||
| CVE-2024-34906 | 1 Dootask | 1 Dootask | 2024-08-28 | N/A | 5.4 MEDIUM |
| An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file. | |||||
| CVE-2024-39717 | 1 Versa-networks | 1 Versa Director | 2024-08-28 | N/A | 7.2 HIGH |
| The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in. | |||||
| CVE-2023-5524 | 1 M-files | 1 Web Companion | 2024-08-28 | N/A | 7.3 HIGH |
| Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types | |||||
| CVE-2024-8170 | 1 Rems | 1 Zipped Folder Manager App | 2024-08-27 | N/A | 9.8 CRITICAL |
| A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the argument folder leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8089 | 1 Janobe | 1 E-commerce System | 2024-08-27 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8166 | 1 Ruijie | 2 Eg2000k, Eg2000k Firmware | 2024-08-27 | N/A | 4.9 MEDIUM |
| A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-25674 | 1 Misp | 1 Misp | 2024-08-26 | N/A | 9.8 CRITICAL |
| An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type. | |||||
| CVE-2024-40318 | 1 Webkul | 1 Qloapps | 2024-08-26 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2022-45171 | 1 Liveboxcloud | 1 Vdesk | 2024-08-26 | N/A | 8.8 HIGH |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions. | |||||
| CVE-2024-6114 | 1 Janobe | 1 Monbela Tourist Inn Online Reservation System | 2024-08-23 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Affected is an unknown function of the file controller.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268866 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-7329 | 1 Youdiancms | 1 Youdiancms | 2024-08-23 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in YouDianCMS 7. Affected is an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php. The manipulation of the argument files leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273252. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-42780 | 1 Lopalopa | 1 Music Management System | 2024-08-23 | N/A | 8.8 HIGH |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2024-42777 | 1 Lopalopa | 1 Music Management System | 2024-08-23 | N/A | 9.8 CRITICAL |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||