Total
2650 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31854 | 1 Codologic | 1 Codoforum | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. | |||||
| CVE-2022-31374 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file. | |||||
| CVE-2022-31366 | 1 Eve-ng | 1 Eve-ng | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. | |||||
| CVE-2022-31362 | 1 Docebo | 1 Docebo | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2022-31134 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many configurations server administrators are not expected to have access to private messages and private streams. However, the "public data" export which administrators could generate contained the attachment contents for all attachments, even those from private messages and streams. Zulip Server version 5.4 contains a patch for this issue. | |||||
| CVE-2022-31086 | 2 Debian, Ldap-account-manager | 2 Debian Linux, Ldap Account Manager | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the /config/templates/pdf/ directory is accessible for remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue. | |||||
| CVE-2022-31041 | 1 Maykinmedia | 1 Open Forms | 2024-11-21 | 4.0 MEDIUM | 7.6 HIGH |
| Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users (e.g. only PDF / Excel / ...). The input validation of uploaded files is insufficient in versions prior to 1.0.9 and 1.1.1. Users could alter or strip file extensions to bypass this validation. This results in files being uploaded to the server that are of a different file type than indicated by the file name extension. These files may be downloaded (manually or automatically) by staff and/or other applications for further processing. Malicious files can therefore find their way into internal/trusted networks. Versions 1.0.9 and 1.1.1 contain patches for this issue. As a workaround, an API gateway or intrusion detection solution in front of open-forms may be able to scan for and block malicious content before it reaches the Open Forms application. | |||||
| CVE-2022-30887 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. | |||||
| CVE-2022-30860 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. | |||||
| CVE-2022-30822 | 1 Wedding Management System Project | 1 Wedding Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file. | |||||
| CVE-2022-30821 | 1 Wedding Management System Project | 1 Wedding Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file. | |||||
| CVE-2022-30820 | 1 Wedding Management System Project | 1 Wedding Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file. | |||||
| CVE-2022-30819 | 1 Wedding Management System Project | 1 Wedding Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file. | |||||
| CVE-2022-30808 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. | |||||
| CVE-2022-30529 | 1 Isic.lk Project | 1 Isic.lk | 2024-11-21 | N/A | 7.2 HIGH |
| File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php. | |||||
| CVE-2022-30506 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | |||||
| CVE-2022-30448 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. | |||||
| CVE-2022-30423 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. | |||||
| CVE-2022-30216 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Windows Server Service Tampering Vulnerability | |||||
| CVE-2022-30007 | 1 Gxcms Project | 1 Gxcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server. | |||||