Total
2650 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37346 | 1 Ec-cube | 1 Product Image Bulk Upload | 2024-11-21 | N/A | 9.8 CRITICAL |
| EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative privilege of EC-CUBE where the vulnerable plugin is installed is led to upload a specially crafted file, an arbitrary script may be executed on the system. | |||||
| CVE-2022-37184 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 8.8 HIGH |
| The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file. | |||||
| CVE-2022-37181 | 1 72crm | 1 Wukong Crm | 2024-11-21 | N/A | 9.8 CRITICAL |
| 72crm 9.0 has an Arbitrary file upload vulnerability. | |||||
| CVE-2022-37159 | 1 Claroline | 1 Claroline | 2024-11-21 | N/A | 9.8 CRITICAL |
| Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload. | |||||
| CVE-2022-37140 | 1 Techvill | 1 Paymoney | 2024-11-21 | N/A | 8.0 HIGH |
| PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file. | |||||
| CVE-2022-36769 | 2 Ibm, Redhat | 2 Cloud Pak For Data, Openshift | 2024-11-21 | N/A | 7.2 HIGH |
| IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034. | |||||
| CVE-2022-36667 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 8.8 HIGH |
| Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE. | |||||
| CVE-2022-36582 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-36580 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-36557 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file. | |||||
| CVE-2022-36452 | 1 Mitel | 1 Micollab | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. | |||||
| CVE-2022-36431 | 1 Rocketsoftware | 1 Trufusion | 2024-11-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1. | |||||
| CVE-2022-36386 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | N/A | 9.1 CRITICAL |
| Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress. | |||||
| CVE-2022-36285 | 1 Uploading Svg\, Webp And Ico Files Project | 1 Uploading Svg\, Webp And Ico Files | 2024-11-21 | N/A | 7.2 HIGH |
| Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. | |||||
| CVE-2022-36264 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
| In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file. | |||||
| CVE-2022-36066 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 9.1 CRITICAL |
| Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. | |||||
| CVE-2022-35426 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A | 9.8 CRITICAL |
| UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. | |||||
| CVE-2022-35150 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | N/A | 9.8 CRITICAL |
| Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. | |||||
| CVE-2022-34971 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-34965 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | N/A | 7.2 HIGH |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files. | |||||