Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3804 | 1 Cdwanjiang | 1 Flash Flood Disaster Monitoring And Warning System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file /Service/FileHandler.ashx. The manipulation of the argument userFile leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235072. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3623 | 1 Istrong | 1 Mountain Flood Disaster Prevention Monitoring And Early Warning System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230704. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Duty/AjaxHandle/UploadHandler.ashx of the component Duty Module. The manipulation of the argument Filedata leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233576. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3836 | 1 Dahuasecurity | 1 Smart Parking Management | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3796 | 1 Bugfinder | 1 Foody Friend | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as problematic, has been found in Bug Finder Foody Friend 1.0. Affected by this issue is some unknown functionality of the file /user/profile of the component Profile Picture Handler. The manipulation of the argument profile_picture leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-235064. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3504 | 1 Smartweb Infotech Job Board Project | 1 Smartweb Infotech Job Board | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the argument filename leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-232952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2738 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Tongda OA 11.10. This affects the function actionGetdata of the file GatewayController.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2523 | 1 E-office | 1 E-office | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2888 | 1 Phpok | 1 Phpok | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability. | |||||
| CVE-2023-2924 | 1 Supcontech | 2 Simfield, Simfield Firmware | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Affected by this issue is some unknown functionality of the file /admin/reportupload.aspx. The manipulation of the argument files[] leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2776 | 1 Simple Photo Gallery Project | 1 Simple Photo Gallery | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-229282 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-2648 | 1 Weaver | 1 E-office | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2419 | 1 Crmeb | 1 Crmeb | 2024-05-17 | N/A | 7.2 HIGH |
| A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \crmeb\app\services\system\attachment\SystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716. | |||||
| CVE-2023-2424 | 1 Dedecms | 1 Dedecms | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-2246 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236. | |||||
| CVE-2023-1497 | 1 Simple And Nice Shopping Cart Script Project | 1 Simple And Nice Shopping Cart Script | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. It has been rated as critical. This issue affects some unknown processing of the file uploaderm.php. The manipulation of the argument submit leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223397 was assigned to this vulnerability. | |||||
| CVE-2023-1684 | 1 Hadsky | 1 Hadsky | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in HadSky 7.7.16. It has been classified as problematic. This affects an unknown part of the file upload/index.php?c=app&a=superadmin:index. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224241 was assigned to this vulnerability. | |||||
| CVE-2023-1484 | 1 Xzjie Cms Project | 1 Xzjie Cms | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-223367. | |||||
| CVE-2023-1391 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/ab.php. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222978 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1415 | 1 Code-projects | 1 Simple Art Gallery | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability was found in Simple Art Gallery 1.0. It has been declared as critical. This vulnerability affects the function sliderPicSubmit of the file adminHome.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-223126 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1744 | 1 Ibos | 1 Ibos | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in IBOS 4.5.5. This vulnerability affects unknown code of the component htaccess Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224632. | |||||