Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40550 | 1 Publiccms | 1 Publiccms | 2024-08-01 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-40548 | 1 Publiccms | 1 Publiccms | 2024-08-01 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-40546 | 1 Publiccms | 1 Publiccms | 2024-08-01 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-40551 | 1 Publiccms | 1 Publiccms | 2024-08-01 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-3112 | 1 Bestwebsoft | 1 Quotes And Tips | 2024-08-01 | N/A | 4.8 MEDIUM |
| The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) | |||||
| CVE-2023-46808 | 1 Ivanti | 1 Neurons For Itsm | 2024-08-01 | N/A | 9.9 CRITICAL |
| An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user. | |||||
| CVE-2023-38947 | 1 Wbce | 1 Wbce Cms | 2024-08-01 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2021-4436 | 1 Wp3dprinting | 1 3dprint Lite | 2024-08-01 | N/A | 9.8 CRITICAL |
| The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache. | |||||
| CVE-2024-6801 | 1 Online Student Management System Project | 1 Online Student Management System | 2024-07-19 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0. This issue affects some unknown processing of the file /add-students.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271703. | |||||
| CVE-2024-27311 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-07-18 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. | |||||
| CVE-2024-37555 | 1 Zealousweb | 1 Generate Pdf Using Contact Form 7 | 2024-07-17 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7.This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6. | |||||
| CVE-2024-5441 | 1 Webnus | 2 Modern Events Calendar, Modern Events Calendar Lite | 2024-07-15 | N/A | 8.8 HIGH |
| The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including, 7.11.0. This makes it possible for authenticated attackers, with subscriber access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The plugin allows administrators (via its settings) to extend the ability to submit events to unauthenticated users, which would allow unauthenticated attackers to exploit this vulnerability. | |||||
| CVE-2024-6730 | 2024-07-15 | N/A | N/A | ||
| A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271403. | |||||
| CVE-2024-38734 | 2024-07-12 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Code Injection.This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.4. | |||||
| CVE-2024-38736 | 2024-07-12 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13. | |||||
| CVE-2023-5604 | 1 Asgaros | 1 Asgaros Forum | 2024-07-12 | N/A | 9.8 CRITICAL |
| The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution. | |||||
| CVE-2024-27903 | 1 Openvpn | 1 Openvpn | 2024-07-11 | N/A | 9.8 CRITICAL |
| OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service. | |||||
| CVE-2024-37418 | 2024-07-09 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server.This issue affects Church Admin: from n/a through 4.4.6. | |||||
| CVE-2024-37420 | 2024-07-09 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site Library allows Upload a Web Shell to a Web Server.This issue affects Zita Elementor Site Library: from n/a through 1.6.1. | |||||
| CVE-2024-34110 | 1 Adobe | 3 Commerce, Commerce Webhooks, Magento | 2024-07-09 | N/A | 7.2 HIGH |
| Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the system, which could then be executed. Exploitation of this issue does not require user interaction. | |||||