Total: 2451 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45171 | 1 Liveboxcloud | 1 Vdesk | 2024-08-26 | N/A | 8.8 HIGH |
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions. | |||||
CVE-2024-22060 | | | 2024-08-25 | N/A | 8.7 HIGH |
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server. | |||||
CVE-2024-42523 | | | 2024-08-23 | N/A | 7.2 HIGH |
publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData | |||||
CVE-2024-6114 | 1 Janobe | 1 Monbela Tourist Inn Online Reservation System | 2024-08-23 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Affected is an unknown function of the file controller.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268866 is the identifier assigned to this vulnerability. | |||||
CVE-2024-7329 | 1 Youdiancms | 1 Youdiancms | 2024-08-23 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in YouDianCMS 7. Affected is an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php. The manipulation of the argument files leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273252. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-42767 | | | 2024-08-23 | N/A | 7.2 HIGH |
Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. | |||||
CVE-2024-42780 | 1 Lopalopa | 1 Music Management System | 2024-08-23 | N/A | 8.8 HIGH |
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
CVE-2024-42777 | 1 Lopalopa | 1 Music Management System | 2024-08-23 | N/A | 9.8 CRITICAL |
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
CVE-2024-42779 | 1 Lopalopa | 1 Music Management System | 2024-08-23 | N/A | 8.8 HIGH |
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
CVE-2024-7192 | 1 Angeljudesuarez | 1 Society Management System | 2024-08-23 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability, which was classified as critical, was found in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/student.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272613 was assigned to this vulnerability. | |||||
CVE-2024-7189 | 1 Kevinwong | 1 Online Food Ordering System | 2024-08-23 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as critical has been found in itsourcecode Online Food Ordering System 1.0. Affected is an unknown function of the file editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272610 is the identifier assigned to this vulnerability. | |||||
CVE-2024-6115 | 1 Clivedelacruz | 1 Simple Online Hotel Reservation System | 2024-08-23 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268867. | |||||
CVE-2024-6116 | 1 Clivedelacruz | 1 Simple Online Hotel Reservation System | 2024-08-23 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268868. | |||||
CVE-2020-22539 | | | 2024-08-22 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
CVE-2024-36811 | | | 2024-08-22 | N/A | 8.8 HIGH |
An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
CVE-2024-28441 | | | 2024-08-22 | N/A | 9.8 CRITICAL |
File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint. | |||||
CVE-2024-42778 | 1 Lopalopa | 1 Music Management System | 2024-08-22 | N/A | 8.8 HIGH |
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
CVE-2024-31411 | 1 Apache | 1 Streampipes | 2024-08-22 | N/A | 8.8 HIGH |
Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. | |||||
CVE-2024-7706 | 1 Mainwww | 1 Mwcms | 2024-08-22 | 5.8 MEDIUM | 2.7 LOW |
A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-7384 | | | 2024-08-22 | N/A | 7.5 HIGH |
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. |