Total
3317 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24651 | 1 Sentcms | 1 Sentcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. | |||||
| CVE-2022-24581 | 1 Aceware | 1 Aceweb Online Portal | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software. | |||||
| CVE-2022-24553 | 1 Zfaka Project | 1 Zfaka | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution. | |||||
| CVE-2022-24387 | 1 Smartertools | 1 Smartertrack | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
| With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010 | |||||
| CVE-2022-24262 | 1 Voipmonitor | 1 Voipmonitor | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. | |||||
| CVE-2022-24254 | 1 Extensis | 1 Portfolio | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. | |||||
| CVE-2022-24253 | 1 Extensis | 1 Portfolio | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. | |||||
| CVE-2022-24252 | 1 Extensis | 1 Portfolio | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2022-24251 | 1 Extensis | 1 Portfolio | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. | |||||
| CVE-2022-24239 | 1 Aceware | 1 Aceweb Online Portal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. | |||||
| CVE-2022-24136 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. | |||||
| CVE-2022-23906 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. | |||||
| CVE-2022-23880 | 1 Taogogo | 1 Taocms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-23390 | 1 Diyhi | 1 Bbs Forum | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files. | |||||
| CVE-2022-23375 | 1 Wikidocs | 1 Wikidocs | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php. | |||||
| CVE-2022-23346 | 1 Bigantsoft | 1 Bigant Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. | |||||
| CVE-2022-23329 | 1 Ujcms | 1 Jspxcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | |||||
| CVE-2022-23315 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. | |||||
| CVE-2022-23155 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system. | |||||
| CVE-2022-23048 | 1 Exponentcms | 1 Exponent Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands. | |||||