Total
2650 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43103 | 1 Diyhi | 1 Bbs | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A File Upload vulnerability exists in bbs 5.3 is via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | |||||
| CVE-2021-43102 | 1 Diyhi | 1 Bbs | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A File Upload vulnerability exists in bbs 5.3 is via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | |||||
| CVE-2021-43101 | 1 Diyhi | 1 Bbs | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A File Upload vulnerability exists in bbs 5.3 is via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | |||||
| CVE-2021-43100 | 1 Diyhi | 1 Bbs | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A File Upload vulnerability exists in bbs 5.3 is via TopicManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | |||||
| CVE-2021-43098 | 1 Diyhi | 1 Bbs | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. | |||||
| CVE-2021-42967 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files. | |||||
| CVE-2021-42840 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328. | |||||
| CVE-2021-42839 | 1 Vice | 1 Webopac | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user’s permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services. | |||||
| CVE-2021-42675 | 1 Kreado | 1 Kreasfero | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution. | |||||
| CVE-2021-42669 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing "<?php system($_GET["cmd"]); ?>" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id. | |||||
| CVE-2021-42654 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. | |||||
| CVE-2021-42645 | 1 Cmsimple-xh | 1 Cmsimple Xh | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host. | |||||
| CVE-2021-42362 | 1 Wordpress Popular Posts Project | 1 Wordpress Popular Posts | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2. | |||||
| CVE-2021-42342 | 1 Embedthis | 1 Goahead | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts. | |||||
| CVE-2021-42171 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth. | |||||
| CVE-2021-42125 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. | |||||
| CVE-2021-42123 | 1 Businessdnasolutions | 1 Topease | 2024-11-21 | 6.5 MEDIUM | 7.3 HIGH |
| Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks. | |||||
| CVE-2021-42099 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. | |||||
| CVE-2021-41938 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations. | |||||
| CVE-2021-41921 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. | |||||