Total
3448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1713 | 1 Vtiger | 1 Vtiger Crm | 2025-04-20 | 8.5 HIGH | 7.3 HIGH |
| Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000. | |||||
| CVE-2017-1000238 | 1 Invoiceplane | 1 Invoiceplane | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver. | |||||
| CVE-2017-11405 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. | |||||
| CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | |||||
| CVE-2017-1002003 | 1 Wp2android-turn-wp-site-into-android-app Project | 1 Wp2android-turn-wp-site-into-android-app | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | |||||
| CVE-2017-9069 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. | |||||
| CVE-2017-7989 | 1 Joomla | 1 Joomla\! | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. | |||||
| CVE-2015-8249 | 1 Manageengine | 1 Desktop Central | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. | |||||
| CVE-2017-11326 | 1 Tilde Cms Project | 1 Tilde Cms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation. | |||||
| CVE-2017-8862 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges. | |||||
| CVE-2015-4455 | 1 Aviary Image Editor Add-on For Gravity Forms Project | 1 Aviary Image Editor Add-on For Gravity Forms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. | |||||
| CVE-2015-4462 | 1 Efrontlearning | 1 Efront | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php. | |||||
| CVE-2017-1000119 | 1 Octobercms | 1 October | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | |||||
| CVE-2017-14050 | 1 Blackcat-cms | 1 Blackcat Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. | |||||
| CVE-2017-3108 | 1 Adobe | 1 Experience Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | |||||
| CVE-2016-8921 | 1 Ibm | 1 Filenet Workplace Xt | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||
| CVE-2017-7281 | 1 Unitrends | 1 Enterprise Backup | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload. | |||||
| CVE-2017-15990 | 1 Savsofteproducts | 1 Phpinventory | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. | |||||
| CVE-2017-17987 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. | |||||
| CVE-2016-6124 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||