Total
2952 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7705 | 1 Mainwww | 1 Mwcms | 2024-09-16 | 5.8 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argument upfile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-44871 | 1 Mozilo | 1 Mozilocms | 2024-09-13 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-8463 | 1 Phpgurukul | 1 Job Portal | 2024-09-12 | N/A | 8.8 HIGH |
| File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. | |||||
| CVE-2024-6311 | 1 Funnelforms | 1 Funnelforms Free | 2024-09-12 | N/A | 7.2 HIGH |
| The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-7500 | 1 Angeljudesuarez | 1 Airline Reservation System | 2024-09-11 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been rated as critical. Affected by this issue is the function save_settings of the file admin/admin_class.php. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273626 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-7506 | 1 Angeljudesuarez | 1 Tailoring Management System | 2024-09-11 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setlogo.php. The manipulation of the argument bgimg leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273649 was assigned to this vulnerability. | |||||
| CVE-2024-8232 | 2024-09-11 | N/A | 7.5 HIGH | ||
| SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication. | |||||
| CVE-2024-44849 | 2024-09-09 | N/A | 9.8 CRITICAL | ||
| Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php. | |||||
| CVE-2024-7620 | 2024-09-09 | N/A | 6.6 MEDIUM | ||
| The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: This vulnerability is only exploitable when used in conjunction with a race condition as the uploaded file is deleted shortly after it is created. | |||||
| CVE-2024-8164 | 1 Beikeshop | 1 Beikeshop | 2024-09-06 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function rename of the file /Admin/Http/Controllers/FileManagerController.php. The manipulation of the argument new_name leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7694 | 1 Teamt5 | 1 Threatsonar Anti-ransomware | 2024-09-06 | N/A | 7.2 HIGH |
| ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server. | |||||
| CVE-2024-45076 | 1 Ibm | 1 Webmethods Integration | 2024-09-06 | N/A | 9.9 CRITICAL |
| IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. | |||||
| CVE-2024-43249 | 1 Bitapps | 1 Bit Form | 2024-09-06 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4. | |||||
| CVE-2024-40645 | 1 Fogproject | 1 Fogproject | 2024-09-05 | N/A | 8.8 HIGH |
| FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41. | |||||
| CVE-2024-8330 | 1 6shr System Project | 1 6shr System | 2024-09-05 | N/A | 8.8 HIGH |
| 6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server. | |||||
| CVE-2024-8342 | 1 Nelzkie15 | 1 Petshop Management System | 2024-09-04 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in SourceCodester Petshop Management System 1.0. This issue affects some unknown processing of the file /controllers/add_client.php. The manipulation of the argument image_profile leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8341 | 1 Nelzkie15 | 1 Pet Shop Management System | 2024-09-04 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/add_user.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7943 | 1 Adonesevangelista | 1 Laravel Property Management System | 2024-09-03 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical. This issue affects the function upload of the file PropertiesController.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-42991 | 2024-09-03 | N/A | 8.1 HIGH | ||
| MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution. | |||||
| CVE-2024-6117 | 1 Hamastar | 1 Meetinghub Paperless Meetings | 2024-08-30 | N/A | 8.8 HIGH |
| A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file. | |||||