Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36388 | 1 Civicrm | 1 Civicrm | 2023-02-03 | 6.5 MEDIUM | 8.8 HIGH |
| In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. | |||||
| CVE-2018-3832 | 1 Insteon | 2 Hub 2245-222, Hub 2245-222 Firmware | 2023-02-03 | 8.5 HIGH | 9.0 CRITICAL |
| An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'. | |||||
| CVE-2021-26642 | 2 Microsoft, Xpressengine | 2 Windows, Xpressengine | 2023-02-02 | N/A | 9.8 CRITICAL |
| When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running. | |||||
| CVE-2021-3120 | 1 Yithemes | 1 Yith Woocommerce Gift Cards | 2023-02-01 | 10.0 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images. | |||||
| CVE-2018-3758 | 1 Express-cart Project | 1 Express-cart | 2023-01-30 | 9.0 HIGH | 8.8 HIGH |
| Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. | |||||
| CVE-2015-3884 | 1 Qdpm | 1 Qdpm | 2023-01-27 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. | |||||
| CVE-2019-13359 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 8.5 HIGH | 7.5 HIGH |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. | |||||
| CVE-2022-42287 | 1 Nvidia | 2 Bmc, Dgx A100 | 2023-01-24 | N/A | 7.8 HIGH |
| NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering. | |||||
| CVE-2020-15645 | 1 Marvell | 1 Qconvergeconsole | 2023-01-24 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10553. | |||||
| CVE-2022-0863 | 1 Wp Svg Icons Project | 1 Wp Svg Icons | 2023-01-19 | 6.5 MEDIUM | 7.2 HIGH |
| The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution. | |||||
| CVE-2022-43436 | 1 Easy Test Project | 1 Easy Test | 2023-01-09 | N/A | 8.8 HIGH |
| The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to manipulate system or disrupt service. | |||||
| CVE-2022-4732 | 1 Microweber | 1 Microweber | 2023-01-05 | N/A | 7.2 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. | |||||
| CVE-2022-4665 | 1 Ampache | 1 Ampache | 2022-12-30 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6. | |||||
| CVE-2022-41267 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2022-12-15 | N/A | 8.8 HIGH |
| SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application. | |||||
| CVE-2022-46828 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2022-12-12 | N/A | 7.8 HIGH |
| In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. | |||||
| CVE-2019-4056 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2022-12-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565. | |||||
| CVE-2019-4069 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2022-12-09 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014. | |||||
| CVE-2021-39317 | 1 Accesspressthemes | 43 Access Demo Importer, Accesspress-lite, Accesspress-mag and 40 more | 2022-12-09 | 6.5 MEDIUM | 8.8 HIGH |
| A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. The complete list of affected products and their versions are below: WordPress Plugin: AccessPress Demo Importer <=1.0.6 WordPress Themes: accesspress-basic <= 3.2.1 accesspress-lite <= 2.92 accesspress-mag <= 2.6.5 accesspress-parallax <= 4.5 accesspress-root <= 2.5 accesspress-store <= 2.4.9 agency-lite <= 1.1.6 arrival <= 1.4.2 bingle <= 1.0.4 bloger <= 1.2.6 brovy <= 1.3 construction-lite <= 1.2.5 doko <= 1.0.27 edict-lite <= 1.1.4 eightlaw-lite <= 2.1.5 eightmedi-lite <= 2.1.8 eight-sec <= 1.1.4 eightstore-lite <= 1.2.5 enlighten <= 1.3.5 fotography <= 2.4.0 opstore <= 1.4.3 parallaxsome <= 1.3.6 punte <= 1.1.2 revolve <= 1.3.1 ripple <= 1.2.0 sakala <= 1.0.4 scrollme <= 2.1.0 storevilla <= 1.4.1 swing-lite <= 1.1.9 the100 <= 1.1.2 the-launcher <= 1.3.2 the-monday <= 1.4.1 ultra-seven <= 1.2.8 uncode-lite <= 1.3.3 vmag <= 1.2.7 vmagazine-lite <= 1.3.5 vmagazine-news <= 1.0.5 wpparallax <= 2.0.6 wp-store <= 1.1.9 zigcy-baby <= 1.0.6 zigcy-cosmetics <= 1.0.5 zigcy-lite <= 2.0.9 | |||||
| CVE-2020-27386 | 1 Flexdotnetcms Project | 1 Flexdotnetcms | 2022-12-06 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>. | |||||
| CVE-2020-25042 | 1 Maracms | 1 Maracms | 2022-12-03 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php. | |||||