Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1034 | 1 Showdoc | 1 Showdoc | 2022-03-28 | 6.5 MEDIUM | 7.2 HIGH |
| There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
| CVE-2022-1033 | 1 Craterapp | 1 Crater | 2022-03-28 | 6.5 MEDIUM | 7.8 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. | |||||
| CVE-2020-26008 | 1 Shopxo | 1 Shopxo | 2022-03-28 | 6.8 MEDIUM | 7.8 HIGH |
| The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2020-26007 | 1 Shopxo | 1 Shopxo | 2022-03-28 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2022-25581 | 1 Classcms | 1 Classcms | 2022-03-28 | 6.8 MEDIUM | 7.8 HIGH |
| Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file. | |||||
| CVE-2019-18288 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-25 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2022-25602 | 1 Expresstech | 1 Responsive Menu | 2022-03-25 | 6.5 MEDIUM | 8.8 HIGH |
| Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). | |||||
| CVE-2022-0415 | 1 Gogs | 1 Gogs | 2022-03-25 | 6.5 MEDIUM | 8.8 HIGH |
| Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. | |||||
| CVE-2022-26965 | 1 Pluck-cms | 1 Pluck | 2022-03-25 | 6.5 MEDIUM | 7.2 HIGH |
| In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. | |||||
| CVE-2021-45834 | 1 Opendocman | 1 Opendocman | 2022-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution. | |||||
| CVE-2021-45835 | 1 Online Admission System Project | 1 Online Admissions System | 2022-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution. | |||||
| CVE-2021-45040 | 1 Spatie | 1 Laravel Media Library | 2022-03-24 | 10.0 HIGH | 9.8 CRITICAL |
| The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route. | |||||
| CVE-2022-25495 | 1 Cuppacms | 1 Cuppacms | 2022-03-23 | 7.5 HIGH | 9.8 CRITICAL |
| The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-0912 | 1 Microweber | 1 Microweber | 2022-03-18 | 3.5 LOW | 4.8 MEDIUM |
| Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. | |||||
| CVE-2021-44673 | 1 Croogo | 1 Croogo | 2022-03-18 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script. | |||||
| CVE-2022-0921 | 1 Microweber | 1 Microweber | 2022-03-18 | 6.5 MEDIUM | 6.7 MEDIUM |
| Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. | |||||
| CVE-2021-35244 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2022-03-17 | 8.5 HIGH | 7.2 HIGH |
| The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution. | |||||
| CVE-2022-24652 | 1 Sentcms | 1 Sentcms | 2022-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload. | |||||
| CVE-2022-24651 | 1 Sentcms | 1 Sentcms | 2022-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. | |||||
| CVE-2021-43970 | 1 Quicklert | 1 Quicklert | 2022-03-15 | 9.0 HIGH | 8.8 HIGH |
| An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of application's permissions (SYSTEM). | |||||