Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3944 | 1 Erp Project | 1 Erp | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451. | |||||
| CVE-2022-40721 | 1 Creativedream File Uploader Project | 1 Creativedream File Uploader | 2023-11-07 | N/A | 9.8 CRITICAL |
| Arbitrary file upload vulnerability in php uploader | |||||
| CVE-2022-3771 | 1 Easyiicms | 1 Easyiicms | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability. | |||||
| CVE-2022-3682 | 1 Hitachienergy | 1 Sdm600 | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability exists in the SDM600 file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:* | |||||
| CVE-2022-38140 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2023-11-07 | N/A | 8.8 HIGH |
| Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress. | |||||
| CVE-2022-29651 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-28223 | 1 Tekon | 16 Kio, Kio-1m, Kio-1m Firmware and 13 more | 2023-11-07 | 9.0 HIGH | 7.2 HIGH |
| Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin. | |||||
| CVE-2022-1565 | 1 Wpallimport | 1 Wp All Import | 2023-11-07 | N/A | 7.2 HIGH |
| The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible. | |||||
| CVE-2021-4354 | 1 Magazine3 | 1 Pwa For Wp \& Amp | 2023-11-07 | N/A | 8.8 HIGH |
| The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | |||||
| CVE-2021-4382 | 1 Recently Project | 1 Recently | 2023-11-07 | N/A | 8.8 HIGH |
| The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2021-42123 | 1 Businessdnasolutions | 1 Topease | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks. | |||||
| CVE-2021-41231 | 1 Openmage | 1 Magento | 2023-11-07 | N/A | 7.2 HIGH |
| OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue. | |||||
| CVE-2021-37608 | 1 Apache | 1 Ofbiz | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297. | |||||
| CVE-2021-34551 | 3 Fedoraproject, Microsoft, Phpmailer Project | 3 Fedora, Windows, Phpmailer | 2023-11-07 | 5.1 MEDIUM | 8.1 HIGH |
| PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. | |||||
| CVE-2021-24248 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE | |||||
| CVE-2021-21014 | 1 Magento | 1 Magento | 2023-11-07 | 6.5 MEDIUM | N/A |
| Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation. | |||||
| CVE-2021-20104 | 1 Machform | 1 Machform | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. | |||||
| CVE-2020-8181 | 1 Nextcloud | 1 Contacts | 2023-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. | |||||
| CVE-2020-7302 | 1 Mcafee | 1 Data Loss Prevention | 2023-11-07 | 5.5 MEDIUM | 6.4 MEDIUM |
| Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management section via lack of sanity checking. | |||||
| CVE-2020-5188 | 1 Dnnsoftware | 1 Dotnetnuke | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. | |||||