Vulnerabilities (CVE)

Filtered by CWE-434
Total 4128 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-41512 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2026-06-17 N/A 7.2 HIGH
An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-41504 1 Billing System Project 1 Billing System 2026-06-17 N/A 7.2 HIGH
An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-41437 1 Billing System Project Project 1 Billing System Project 2026-06-17 N/A 7.2 HIGH
Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php.
CVE-2022-41406 1 Church Management System Project 1 Church Management System 2026-06-17 N/A 7.2 HIGH
An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-41387 1 Democritus 1 D8s-pdfs 2026-06-17 N/A 9.8 CRITICAL
The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.
CVE-2022-41386 1 Democritus 1 D8s-utility 2026-06-17 N/A 9.8 CRITICAL
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.
CVE-2022-41385 1 Democritus 1 D8s-html 2026-06-17 N/A 9.8 CRITICAL
The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.
CVE-2022-41384 1 Democritus 1 D8s-domains 2026-06-17 N/A 9.8 CRITICAL
The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.
CVE-2022-41383 1 Democritus 1 D8s-archives 2026-06-17 N/A 9.8 CRITICAL
The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.
CVE-2022-41382 1 Democritus 1 D8s-json 2026-06-17 N/A 9.8 CRITICAL
The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.
CVE-2022-41381 1 Democritus 1 D8s-utility 2026-06-17 N/A 9.8 CRITICAL
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.
CVE-2022-41380 1 Democritus 1 D8s-yaml 2026-06-17 N/A 9.8 CRITICAL
The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.
CVE-2022-41379 1 Online Leave Management System Project 1 Online Leave Management System 2026-06-17 N/A 7.2 HIGH
An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-41267 1 Sap 1 Business Objects Business Intelligence Platform 2026-06-17 N/A 9.9 CRITICAL
SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application.
CVE-2022-41217 1 Hybridsoftware 1 Cloudflow 2026-06-17 N/A 9.8 CRITICAL
Cloudflow contains a unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage.
CVE-2022-40981 1 Etictelecom 14 Ras-c-100-lw, Ras-e-100, Ras-e-220 and 11 more 2026-06-17 N/A 5.9 MEDIUM
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.
CVE-2022-40932 1 Phpgurukul 1 Zoo Management System 2026-06-17 N/A 7.2 HIGH
In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system.
CVE-2022-40925 1 Phpgurukul 1 Zoo Management System 2026-06-17 N/A 7.2 HIGH
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system.
CVE-2022-40924 1 Phpgurukul 1 Zoo Management System 2026-06-17 N/A 7.2 HIGH
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
CVE-2022-40921 1 Dedecms 1 Dedecms 2026-06-17 N/A 7.2 HIGH
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php.