Total
2650 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23390 | 1 Diyhi | 1 Bbs Forum | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files. | |||||
| CVE-2022-23375 | 1 Wikidocs | 1 Wikidocs | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php. | |||||
| CVE-2022-23346 | 1 Bigantsoft | 1 Bigant Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. | |||||
| CVE-2022-23329 | 1 Ujcms | 1 Jspxcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | |||||
| CVE-2022-23315 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. | |||||
| CVE-2022-23155 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system. | |||||
| CVE-2022-23048 | 1 Exponentcms | 1 Exponent Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands. | |||||
| CVE-2022-23043 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server. | |||||
| CVE-2022-23026 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Acceleration Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-22952 | 2 Microsoft, Vmware | 2 Windows, Carbon Black App Control | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file. | |||||
| CVE-2022-22929 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. | |||||
| CVE-2022-22482 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Force ID: 225977. | |||||
| CVE-2022-22450 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 3.8 LOW |
| IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916. | |||||
| CVE-2022-22392 | 1 Ibm | 1 Planning Analytics Workspace | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066. | |||||
| CVE-2022-22375 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-11-21 | N/A | 7.2 HIGH |
| IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681. | |||||
| CVE-2022-21809 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability. | |||||
| CVE-2022-20743 | 1 Cisco | 1 Firepower Management Center | 2024-11-21 | 9.0 HIGH | 6.5 MEDIUM |
| A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This vulnerability is due to improper validation of files uploaded to the web management interface of Cisco FMC Software. An attacker could exploit this vulnerability by uploading a maliciously crafted file to a device running affected software. A successful exploit could allow the attacker to store malicious files on the device, which they could access later to conduct additional attacks, including executing arbitrary code on the affected device with root privileges. | |||||
| CVE-2022-1952 | 1 Syntactics | 1 Free Booking Plugin For Hotels\, Restaurant And Car Rental | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps. | |||||
| CVE-2022-1939 | 1 Allow Svg Files Project | 1 Allow Svg Files | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to | |||||
| CVE-2022-1837 | 1 Home Clean Services Management System Project | 1 Home Clean Services Management System | 2024-11-21 | 6.5 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but demands an authentication. Exploit details have been disclosed to the public. | |||||