Total: 2975 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26740 | 1 Doyocms Project | 1 Doyocms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code. | |||||
CVE-2021-26642 | 2 Microsoft, Xpressengine | 2 Windows, Xpressengine | 2024-11-21 | N/A | 8.8 HIGH |
When uploading an image file to a bulletin board developed with XpressEngine, an arbitrary file can be uploaded because the file is insufficiently verified. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running. | |||||
CVE-2021-26634 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of the files comprising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell. | |||||
CVE-2021-26597 | 1 Nokia | 1 Netact | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. | |||||
CVE-2021-26473 | 1 Vembu | 2 Bdr Suite, Offsite Dr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server. | |||||
CVE-2021-25780 | 1 Baby Care System Project | 1 Baby Care System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by a remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell. | |||||
CVE-2021-25211 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to ordering\admin\products\edit.php. | |||||
CVE-2021-25210 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code via the file upload to manage_event.php. | |||||
CVE-2021-25208 | 1 Travel Management System Project | 1 Travel Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php. | |||||
CVE-2021-25207 | 1 E-commerce Website Project | 1 E-commerce Website | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php. | |||||
CVE-2021-25206 | 1 Responsive Ordering System Project | 1 Responsive Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php. | |||||
CVE-2021-25203 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php. | |||||
CVE-2021-25200 | 1 Learning Management System Project | 1 Learning Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code via the file upload to \lms\student_avatar.php. | |||||
CVE-2021-25119 | 1 Wpsocket | 1 Automatic Grid Image Listing | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE. | |||||
CVE-2021-25003 | 1 Wptaskforce | 1 Wpcargo Track & Trace | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE. | |||||
CVE-2021-24981 | 1 Wpwax | 1 Directorist | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH |
The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. | |||||
CVE-2021-24960 | 1 Iptanus | 2 Wordpress File Upload, Wordpress File Upload Pro | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The WordPress File Upload WordPress plugin before 4.16.3 and the wordpress-file-upload-pro WordPress plugin before 4.16.3 allow users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could then be used for Cross-Site Scripting attacks. | |||||
CVE-2021-24947 | 1 Thinkupthemes | 1 Responsive Vector Maps | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks, or validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as a subscriber, to read arbitrary files on the web server. | |||||
CVE-2021-24663 | 1 Simple Schools Staff Directory Project | 1 Simple Schools Staff Directory | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that they are indeed images, allowing high privilege users such as admin to upload arbitrary files like PHP, leading to RCE. | |||||
CVE-2021-24620 | 1 Simple-e-commerce-shopping-cart Project | 1 Simple-e-commerce-shopping-cart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The WordPress Simple Ecommerce Shopping Cart Plugin - Sell products through Paypal plugin through 2.2.5 does not check the uploaded Downloadable Digital product file, allowing any file, such as PHP, to be uploaded by an administrator. Furthermore, as there is no CSRF check in place, attackers could also make a logged-in admin upload a malicious PHP file, which would lead to RCE. | |||||