Total: 2650 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34613 | 1 Mealie Project | 1 Mealie | 2024-11-21 | N/A | 9.8 CRITICAL |
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. | |||||
CVE-2022-34578 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2024-11-21 | N/A | 7.2 HIGH |
Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. | |||||
CVE-2022-34549 | 1 Sims Project | 1 Sims | 2024-11-21 | N/A | 8.8 HIGH |
Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file. | |||||
CVE-2022-34496 | 1 Hiby | 4 Hiby R3 Pro, Hiby R3 Pro Firmware, Hiby R3 Pro Saber and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. | |||||
CVE-2022-34154 | 1 Ideastocode | 1 Enable Svg, Webp & Ico Upload | 2024-11-21 | N/A | 7.2 HIGH |
Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. | |||||
CVE-2022-34128 | 1 Glpi-project | 1 Positions | 2024-11-21 | N/A | 9.8 CRITICAL |
The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php. | |||||
CVE-2022-34120 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | N/A | 7.2 HIGH |
Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php. | |||||
CVE-2022-34115 | 1 Dataease Project | 1 Dataease | 2024-11-21 | N/A | 9.8 CRITICAL |
DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId. | |||||
CVE-2022-34024 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | N/A | 7.2 HIGH |
Barangay Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the resident module editing function at /bmis/pages/resident/resident.php. | |||||
CVE-2022-33859 | 1 Eaton | 1 Foreseer Electrical Power Monitoring System | 2024-11-21 | N/A | 8.1 HIGH |
A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html . | |||||
CVE-2022-33166 | 1 Ibm | 1 Security Directory Suite Va | 2024-11-21 | N/A | 7.2 HIGH |
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586. | |||||
CVE-2022-32994 | 1 Halo | 1 Halo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. | |||||
CVE-2022-32433 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php. | |||||
CVE-2022-32413 | 1 Dice Project | 1 Dice | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file. | |||||
CVE-2022-32177 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2024-11-21 | N/A | 9.0 CRITICAL |
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover. | |||||
CVE-2022-32176 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2024-11-21 | N/A | 9.0 CRITICAL |
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover. | |||||
CVE-2022-32119 | 1 Arox | 1 School Erp Pro | 2024-11-21 | N/A | 8.8 HIGH |
Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php. | |||||
CVE-2022-32114 | 1 Strapi | 1 Strapi | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create (upload)" permission is supposed to be able to upload PDF files containing JavaScript, and that all files in a public assets folder are accessible to the outside world (unless the filename begins with a dot character). The administrator can choose to allow only image, video, and audio files (i.e., not PDF) if desired. | |||||
CVE-2022-32019 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car. | |||||
CVE-2022-31943 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. |