Vulnerabilities (CVE)

Filtered by CWE-434
Total 2646 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-52429 1 Antonhoelstad 1 Wp Quick Setup 2024-11-20 N/A 8.8 HIGH
Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through 2.0.
CVE-2024-11311 1 Trcore 1 Dvc 2024-11-20 N/A 9.8 CRITICAL
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CVE-2024-11312 1 Trcore 1 Dvc 2024-11-20 N/A 9.8 CRITICAL
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CVE-2024-11313 1 Trcore 1 Dvc 2024-11-20 N/A 9.8 CRITICAL
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CVE-2024-11314 1 Trcore 1 Dvc 2024-11-20 N/A 9.8 CRITICAL
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CVE-2024-11315 1 Trcore 1 Dvc 2024-11-20 N/A 9.8 CRITICAL
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CVE-2024-51743 2024-11-19 N/A 8.8 HIGH
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.
CVE-2024-51499 2024-11-19 N/A N/A
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.
CVE-2024-11211 1 Eyoucms 1 Eyoucms 2024-11-19 5.8 MEDIUM 7.2 HIGH
A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-10820 1 Vanquish 1 Woocommerce Upload Files 2024-11-19 N/A 9.8 CRITICAL
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-11214 1 Mayurik 1 Best Employee Management System 2024-11-19 5.8 MEDIUM 7.2 HIGH
A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes.
CVE-2024-42676 1 Isellerpal 1 Enterprise Resource Management System 2024-11-18 N/A 8.8 HIGH
File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component
CVE-2024-11018 1 Vice 1 Webopac 2024-11-18 N/A 9.8 CRITICAL
Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.
CVE-2024-11017 1 Vice 1 Webopac 2024-11-18 N/A 8.8 HIGH
Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.
CVE-2024-10993 1 Codezips 1 Online Institute Management System 2024-11-18 6.5 MEDIUM 8.8 HIGH
A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-10994 1 Codezips 1 Online Institute Management System 2024-11-18 6.5 MEDIUM 8.8 HIGH
A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-52406 2024-11-18 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Wibergs Web CSV to html allows Upload a Web Shell to a Web Server.This issue affects CSV to html: from n/a through 3.04.
CVE-2024-52407 2024-11-18 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in codeSavory BasePress Migration Tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through 1.0.0.
CVE-2024-52400 2024-11-18 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: from n/a through 1.01.
CVE-2024-52399 2024-11-18 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper allows Upload a Web Shell to a Web Server.This issue affects Writer Helper: from n/a through 3.1.6.