Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0257 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image with the input <?php system($_GET['c']); ?> leads to unrestricted upload. The attack can be launched remotely. The identifier VDB-218185 was assigned to this vulnerability. | |||||
| CVE-2023-0943 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with the input ../../shell.php leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591. | |||||
| CVE-2014-125104 | 1 Automattic | 1 Vaultpress | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The patch is named e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263. | |||||
| CVE-2011-10004 | 1 Reciply Project | 1 Reciply | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability. | |||||
| CVE-2024-33006 | 2024-05-14 | N/A | N/A | ||
| An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system. | |||||
| CVE-2024-34555 | 2024-05-14 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads.This issue affects Z-Downloads: from n/a through 1.11.3. | |||||
| CVE-2024-31377 | 2024-05-14 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.7.01.001. | |||||
| CVE-2024-34411 | 2024-05-14 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light.This issue affects canvasio3D Light: from n/a through 2.5.0. | |||||
| CVE-2024-34416 | 2024-05-14 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.This issue affects Pk Favicon Manager: from n/a through 2.1. | |||||
| CVE-2024-31115 | 2024-05-08 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 7.2. | |||||
| CVE-2024-32836 | 2024-04-24 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.11. | |||||
| CVE-2024-32954 | 2024-04-24 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5. | |||||
| CVE-2022-30007 | 1 Gxcms Project | 1 Gxcms | 2024-04-23 | 6.5 MEDIUM | 7.2 HIGH |
| GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server. | |||||
| CVE-2023-44824 | 1 Oretnom23 | 1 Expense Management System | 2024-04-17 | N/A | 7.8 HIGH |
| An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component. | |||||
| CVE-2023-22937 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-04-10 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. | |||||
| CVE-2024-31280 | 2024-04-08 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5. | |||||
| CVE-2024-31345 | 2024-04-08 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.This issue affects Auto Poster: from n/a through 1.2. | |||||
| CVE-2024-31292 | 2024-04-08 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through 2.1.5. | |||||
| CVE-2024-31114 | 2024-04-01 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5. | |||||
| CVE-2024-30533 | 2024-04-01 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Techeshta Layouts for Elementor.This issue affects Layouts for Elementor: from n/a before 1.8. | |||||