Total: 2765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-23564 | 1 Sem-cms | 1 Semcms | 2023-08-09 | N/A | 7.2 HIGH |
File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php. | |||||
CVE-2023-4159 | 1 Omeka | 1 Omeka S | 2023-08-09 | N/A | 8.8 HIGH |
Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3. | |||||
CVE-2023-38330 | 1 Oxid-esales | 1 Eshop | 2023-08-08 | N/A | 5.3 MEDIUM |
OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create an HTTP Response Splitting attack. | |||||
CVE-2021-41421 | 1 Maianmedia | 1 Maianaffiliate | 2023-08-08 | 3.5 LOW | 4.8 MEDIUM |
A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel. | |||||
CVE-2023-36298 | 1 Dedecms | 1 Dedecms | 2023-08-07 | N/A | 8.8 HIGH |
DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE). | |||||
CVE-2023-36299 | 1 Typecho | 1 Typecho | 2023-08-07 | N/A | 8.8 HIGH |
A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php. | |||||
CVE-2023-36212 | 1 Totalcms | 1 Total Cms | 2023-08-05 | N/A | 8.8 HIGH |
File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function. | |||||
CVE-2018-19422 | 1 Intelliants | 1 Subrion Cms | 2023-08-04 | 6.5 MEDIUM | 7.2 HIGH |
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. | |||||
CVE-2023-33493 | 1 Ajaxmanager Project | 1 Ajaxmanager | 2023-08-04 | N/A | 9.8 CRITICAL |
An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload dangerous files without restrictions. | |||||
CVE-2023-39147 | 1 Webkul | 1 Uvdesk | 2023-08-04 | N/A | 7.8 HIGH |
An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. | |||||
CVE-2023-32225 | 1 Sysaid | 1 Sysaid On-premises | 2023-08-03 | N/A | 7.2 HIGH |
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. | |||||
CVE-2023-2712 | 1 Rental Module Project | 1 Rental Module | 2023-08-02 | N/A | 9.8 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by a third party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15. | |||||
CVE-2023-3049 | 1 Tmtmakine | 2 Lockcell, Lockcell Firmware | 2023-08-02 | N/A | 9.8 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection. This issue affects Lockcell: before 15. | |||||
CVE-2023-37677 | 1 Pligg | 1 Pligg Cms | 2023-08-02 | N/A | 9.8 CRITICAL |
Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. | |||||
CVE-2022-28863 | 1 Nokia | 1 Netact | 2023-08-02 | N/A | 8.8 HIGH |
An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. | |||||
CVE-2023-34798 | 1 Weaver | 1 E-office | 2023-08-01 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
CVE-2022-46899 | 1 Vocera | 2 Report Server, Voice Server | 2023-08-01 | N/A | 7.5 HIGH |
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any parameters with a filename entry will have their content written to a file in the Vocera upload-staging directory with the specified filename in the parameter. | |||||
CVE-2023-3486 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2023-07-31 | N/A | 7.5 HIGH |
An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected. | |||||
CVE-2023-37629 | 1 Simple Online Piggery Management System Project | 1 Simple Online Piggery Management System | 2023-07-31 | N/A | 9.8 CRITICAL |
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php." | |||||
CVE-2023-37289 | 1 Infodoc | 1 Document On-line Submission And Approval System | 2023-07-28 | N/A | 9.8 CRITICAL |
An Unrestricted Upload of File with Dangerous Type vulnerability has been identified in the file uploading function in InfoDoc Document On-line Submission and Approval System. It allows an unauthenticated remote attacker, without logging in to the system, to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. This issue affects Document On-line Submission and Approval System: 22547, 22567. |