Total
4073 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15990 | 1 Savsofteproducts | 1 Phpinventory | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. | |||||
| CVE-2017-15962 | 1 Istock Management System Project | 1 Istock Management System | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| iStock Management System 1.0 allows Arbitrary File Upload via user/profile. | |||||
| CVE-2017-15957 | 1 Ingenious School Management System Project | 1 Ingenious School Management System | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. | |||||
| CVE-2017-15876 | 1 Sistemagpweb | 1 Gpweb | 2026-06-17 | 9.0 HIGH | 7.2 HIGH |
| Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell. | |||||
| CVE-2017-15673 | 1 Cs-cart | 1 Cs-cart | 2026-06-17 | 9.0 HIGH | 7.2 HIGH |
| The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page. | |||||
| CVE-2017-15580 | 1 Osticket | 1 Osticket | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content. | |||||
| CVE-2017-15549 | 1 Emc | 3 Avamar Server, Integrated Data Protection Appliance, Networker | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. | |||||
| CVE-2017-15054 | 1 Teampass | 1 Teampass | 2026-06-17 | 6.5 MEDIUM | 7.5 HIGH |
| An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server. | |||||
| CVE-2017-14958 | 1 Pivotx | 1 Pivotx | 2026-06-17 | 6.5 MEDIUM | 7.2 HIGH |
| lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file. | |||||
| CVE-2017-14841 | 1 Dasinfomedia | 1 Annual Maintenance Contract Management System | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. | |||||
| CVE-2017-14840 | 1 Teamworktec | 1 Ticketplus | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | |||||
| CVE-2017-14839 | 1 Teamworktec | 1 Photo Fusion | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. | |||||
| CVE-2017-14838 | 1 Teamworktec | 1 Job Links | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | |||||
| CVE-2017-14704 | 1 Claydip | 1 Airbnb Clone | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile. | |||||
| CVE-2017-14521 | 1 Wondercms | 1 Wondercms | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. | |||||
| CVE-2017-14399 | 1 Blackcat-cms | 1 Blackcat Cms | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. | |||||
| CVE-2017-14346 | 1 Blog Project | 1 Blog | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. | |||||
| CVE-2017-14251 | 1 Typo3 | 1 Typo3 | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. | |||||
| CVE-2017-14123 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp. | |||||
| CVE-2017-14079 | 1 Trendmicro | 1 Mobile Security | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | |||||