Total: 2765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2046 | 1 Wpwax | 1 Directorist | 2022-08-12 | N/A | 4.9 MEDIUM |
The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations. | |||||
CVE-2022-36264 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2022-08-12 | N/A | 9.1 CRITICAL |
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and appending a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file. | |||||
CVE-2022-2356 | 1 Mediajedi | 1 User Private Files | 2022-08-11 | N/A | 8.8 HIGH |
The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. | |||||
CVE-2022-2694 | 1 Company Website Cms Project | 1 Company Website Cms | 2022-08-11 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205817 was assigned to this vulnerability. | |||||
CVE-2022-2678 | 1 Alphaware E-commerce System Project | 1 Alphaware E-commerce System | 2022-08-10 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205666 is the identifier assigned to this vulnerability. | |||||
CVE-2022-2647 | 1 Jeecg | 1 Jeecg Boot | 2022-08-10 | N/A | 9.8 CRITICAL |
A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability. | |||||
CVE-2022-34613 | 1 Mealie Project | 1 Mealie | 2022-08-08 | N/A | 9.8 CRITICAL |
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. | |||||
CVE-2022-34496 | 1 Hiby | 4 Hiby R3 Pro, Hiby R3 Pro Firmware, Hiby R3 Pro Saber and 1 more | 2022-08-05 | N/A | 9.8 CRITICAL |
Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. | |||||
CVE-2022-34120 | 1 Barangay Management System Project | 1 Barangay Management System | 2022-08-04 | N/A | 7.2 HIGH |
Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php. | |||||
CVE-2022-34578 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2022-08-04 | N/A | 7.2 HIGH |
Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. | |||||
CVE-2022-34549 | 1 Sims Project | 1 Sims | 2022-08-03 | N/A | 8.8 HIGH |
Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file. | |||||
CVE-2022-34971 | 1 Feehi | 1 Feehi Cms | 2022-08-02 | N/A | 8.8 HIGH |
An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2021-29907 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2022-08-01 | 6.5 MEDIUM | 8.8 HIGH |
IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633. | |||||
CVE-2022-27260 | 1 Buttercms | 1 Buttercms | 2022-07-28 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file. | |||||
CVE-2022-24688 | 1 Dsk | 1 Dsknet | 2022-07-25 | N/A | 8.8 HIGH |
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload (and consequently Remote Code Execution) via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order to exploit this issue. (That can be easily achieved by exploiting the Broken Access Control with further Brute-force attack or SQL Injection.) The uploaded file is stored within the database and copied to the sync web folder if the attacker visits a certain .php?action= page. | |||||
CVE-2022-1345 | 1 Organizr | 1 Organizr | 2022-07-25 | 3.5 LOW | 9.0 CRITICAL |
Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. | |||||
CVE-2022-34024 | 1 Barangay Management System Project | 1 Barangay Management System | 2022-07-25 | N/A | 7.2 HIGH |
Barangay Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the resident module editing function at /bmis/pages/resident/resident.php. | |||||
CVE-2022-2419 | 1 Eveo | 1 Urve Web Manager | 2022-07-22 | N/A | 8.0 HIGH |
A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-2420 | 1 Eveo | 1 Urve Web Manager | 2022-07-22 | N/A | 8.0 HIGH |
A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file _internal/uploader.php. The manipulation leads to unrestricted upload. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-2418 | 1 Eveo | 1 Urve Web Manager | 2022-07-22 | N/A | 8.0 HIGH |
A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/img_upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. |