Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23390 | 1 Diyhi | 1 Bbs Forum | 2022-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files. | |||||
| CVE-2019-19493 | 1 Kentico | 1 Kentico | 2022-02-20 | 3.5 LOW | 5.4 MEDIUM |
| Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS. | |||||
| CVE-2018-19423 | 1 Codiad | 1 Codiad | 2022-02-19 | 6.5 MEDIUM | 7.2 HIGH |
| Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. | |||||
| CVE-2021-22803 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | |||||
| CVE-2020-13675 | 1 Drupal | 1 Drupal | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site. | |||||
| CVE-2022-23048 | 1 Exponentcms | 1 Exponent Cms | 2022-02-17 | 6.5 MEDIUM | 7.2 HIGH |
| Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands. | |||||
| CVE-2022-24676 | 1 Hyphp | 1 Hybbs2 | 2022-02-11 | 6.5 MEDIUM | 8.8 HIGH |
| update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive. | |||||
| CVE-2018-15139 | 1 Open-emr | 1 Openemr | 2022-02-10 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory. | |||||
| CVE-2022-0472 | 1 Laracom Project | 1 Laracom | 2022-02-10 | 3.5 LOW | 5.4 MEDIUM |
| Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9. | |||||
| CVE-2017-9380 | 1 Open-emr | 1 Openemr | 2022-02-09 | 6.5 MEDIUM | 8.8 HIGH |
| OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | |||||
| CVE-2022-23329 | 1 Ujcms | 1 Jspxcms | 2022-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | |||||
| CVE-2021-46428 | 1 Simple Chatbot Application Project | 1 Simple Chatbot Application | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ( and previous versions via the bot_avatar parameter in SystemSettings.php. | |||||
| CVE-2021-46097 | 1 Dolphinphp | 1 Dolphinphp | 2022-02-02 | 6.5 MEDIUM | 8.8 HIGH |
| Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log | |||||
| CVE-2021-44123 | 1 Spip | 1 Spip | 2022-02-02 | 6.5 MEDIUM | 8.8 HIGH |
| SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it. | |||||
| CVE-2021-46116 | 1 Jpress | 1 Jpress | 2022-02-02 | 6.5 MEDIUM | 7.2 HIGH |
| jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code. | |||||
| CVE-2021-46115 | 1 Jpress | 1 Jpress | 2022-02-01 | 6.5 MEDIUM | 7.2 HIGH |
| jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code. | |||||
| CVE-2022-23026 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Acceleration Manager | 2022-02-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2020-7569 | 1 Schneider-electric | 1 Webreports | 2022-01-31 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution. | |||||
| CVE-2021-22697 | 1 Schneider-electric | 1 Ecostruxure Power Build - Rapsody | 2022-01-31 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed. | |||||
| CVE-2021-22698 | 1 Schneider-electric | 1 Ecostruxure Power Build - Rapsody | 2022-01-31 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed. | |||||