Total: 2765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27477 | 1 Newbee-mall Project | 1 Newbee-mall | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL |
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. | |||||
CVE-2022-27131 | 1 Zbzcms | 1 Zbzcms | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-27129 | 1 Zbzcms | 1 Zbzcms | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2021-46367 | 1 Ritecms | 1 Ritecms | 2022-04-14 | 9.0 HIGH | 7.2 HIGH |
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htaccess configuration that by default denies execution of .php files in the media and files directories. | |||||
CVE-2022-27352 | 1 Simple House Rental System Project | 1 Simple House Rental System | 2022-04-14 | 6.5 MEDIUM | 8.8 HIGH |
Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-27357 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-27064 | 1 Musical World Project | 1 Musical World | 2022-04-14 | 6.5 MEDIUM | 8.8 HIGH |
Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-27346 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2022-04-14 | 6.5 MEDIUM | 8.8 HIGH |
Ecommerce-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-27349 | 1 Socialcodia | 1 Social Codia Sms | 2022-04-14 | 6.5 MEDIUM | 7.2 HIGH |
Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-27061 | 1 Aerocms Project | 1 Aerocms | 2022-04-13 | 6.5 MEDIUM | 7.2 HIGH |
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-26627 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2022-04-13 | 6.8 MEDIUM | 8.8 HIGH |
Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file. | |||||
CVE-2021-43421 | 1 Std42 | 1 Elfinder | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL |
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code. | |||||
CVE-2022-26607 | 1 Baigo | 1 Baigo Cms | 2022-04-13 | 6.5 MEDIUM | 7.2 HIGH |
A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
CVE-2022-26605 | 1 Dascomsoft | 1 Eziosuite | 2022-04-13 | 6.5 MEDIUM | 8.8 HIGH |
eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality. | |||||
CVE-2021-43936 | 1 Webhmi | 2 Webhmi, Webhmi Firmware | 2022-04-12 | 10.0 HIGH | 9.8 CRITICAL |
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, which may be automatically processed within the product's environment or lead to arbitrary code execution. | |||||
CVE-2022-0440 | 1 Catchplugins | 1 Catch Themes Demo Import | 2022-04-12 | 6.5 MEDIUM | 7.2 HIGH |
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high-privilege admin to upload an arbitrary PHP file and gain RCE even on a hardened blog (i.e. with the DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true). | |||||
CVE-2022-26619 | 1 Halo | 1 Halo | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. | |||||
CVE-2020-28062 | 1 Hisiphp | 1 Hisiphp | 2022-04-12 | 6.5 MEDIUM | 7.2 HIGH |
An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. '/ Upload/Plugins /, which could let a remote malicious user execute arbitrary code. | |||||
CVE-2022-0403 | 1 Wpjos | 1 Library File Manager | 2022-04-11 | 5.5 MEDIUM | 8.1 HIGH |
The Library File Manager WordPress plugin before 5.2.3 uses an outdated version of the elFinder library, which is known to be affected by security issues (CVE-2021-32682), and does not have any authorisation or CSRF checks in its connector AJAX action, allowing any authenticated user, such as a subscriber, to call it. Furthermore, as the options passed to the elFinder library do not restrict any file type, users with a role as low as subscriber can create, upload or delete arbitrary files and folders. | |||||
CVE-2022-27249 | 1 Idearespa | 1 Reftree | 2022-04-09 | 9.0 HIGH | 8.8 HIGH |
An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource. | |||||