Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22482 | 1 Ibm | 1 Sterling B2b Integrator | 2022-05-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Force ID: 225977. | |||||
| CVE-2021-25119 | 1 Wpsocket | 1 Automatic Grid Image Listing | 2022-05-25 | 6.5 MEDIUM | 7.2 HIGH |
| The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE | |||||
| CVE-2021-33009 | 1 Myscada | 1 Mypro | 2022-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system. | |||||
| CVE-2021-27771 | 1 Hcltech | 1 Sametime | 2022-05-24 | 6.5 MEDIUM | 7.6 HIGH |
| User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal matter with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages, receiving notifications and/or transferring files. | |||||
| CVE-2021-42171 | 1 Tribalsystems | 1 Zenario | 2022-05-24 | 6.5 MEDIUM | 7.2 HIGH |
| Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth. | |||||
| CVE-2022-29354 | 1 Keystonejs | 1 Keystone | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2022-29353 | 1 Graphql-upload Project | 1 Graphql-upload | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename. | |||||
| CVE-2021-42967 | 1 Novel-plus Project | 1 Novel-plus | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files. | |||||
| CVE-2020-8162 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2022-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. | |||||
| CVE-2022-1409 | 1 Vikwp | 1 Hotel Booking Engine \& Pms | 2022-05-24 | 6.5 MEDIUM | 7.2 HIGH |
| The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code | |||||
| CVE-2022-21809 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2022-05-23 | 5.5 MEDIUM | 8.1 HIGH |
| A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability. | |||||
| CVE-2022-30448 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. | |||||
| CVE-2020-19228 | 1 Bludit | 1 Bludit | 2022-05-18 | 9.0 HIGH | 7.2 HIGH |
| An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. | |||||
| CVE-2022-29318 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2022-05-17 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-29655 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-05-17 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2021-42645 | 1 Cmsimple-xh | 1 Cmsimple Xh | 2022-05-16 | 10.0 HIGH | 10.0 CRITICAL |
| CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host. | |||||
| CVE-2021-37194 | 1 Siemens | 1 Comos | 2022-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow an attacker to store malicious files. | |||||
| CVE-2022-28606 | 1 Bosscms | 1 Bosscms | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server. | |||||
| CVE-2022-28120 | 1 Rainier | 1 Open Virtual Simulation Experiment Teaching Management Platform | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server. | |||||
| CVE-2022-1411 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover. | |||||