CVE-2023-38836

Public exploit
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.
Max CVSS
8.8
EPSS Score
71.25%
Published
2023-08-21
Updated
2023-10-10

CVE-2023-28128

Public exploit
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.
Max CVSS
7.2
EPSS Score
31.06%
Published
2023-05-09
Updated
2023-05-16

CVE-2023-5360

Public exploit
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
Max CVSS
9.8
EPSS Score
96.72%
Published
2023-10-31
Updated
2023-11-29

CVE-2023-2068

Public exploit
The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.
Max CVSS
9.8
EPSS Score
28.82%
Published
2023-06-27
Updated
2023-08-02

CVE-2022-41352

Known exploited
Public exploit
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.
Max CVSS
9.8
EPSS Score
95.69%
Published
2022-09-26
Updated
2024-02-01
CISA KEV Added
2022-10-20

CVE-2022-29464

Known exploited
Public exploit
Used for ransomware
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
Max CVSS
10.0
EPSS Score
97.15%
Published
2022-04-18
Updated
2023-10-23
CISA KEV Added
2022-04-25

CVE-2022-27925

Known exploited
Public exploit
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Max CVSS
7.2
EPSS Score
96.50%
Published
2022-04-21
Updated
2022-10-28
CISA KEV Added
2022-08-11

CVE-2022-26352

Known exploited
Public exploit
Used for ransomware
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.
Max CVSS
9.8
EPSS Score
97.53%
Published
2022-07-17
Updated
2022-07-25
CISA KEV Added
2022-08-25

CVE-2022-1329

Public exploit
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
Max CVSS
8.8
EPSS Score
96.08%
Published
2022-04-19
Updated
2023-05-26

CVE-2021-43258

Public exploit
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.
Max CVSS
8.8
EPSS Score
4.83%
Published
2022-11-23
Updated
2022-11-30

CVE-2021-42840

Public exploit
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.
Max CVSS
9.0
EPSS Score
7.33%
Published
2021-10-22
Updated
2021-11-30

CVE-2021-42362

Public exploit
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
Max CVSS
8.8
EPSS Score
96.30%
Published
2021-11-17
Updated
2023-11-22

CVE-2021-39352

Public exploit
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
Max CVSS
7.2
EPSS Score
92.47%
Published
2021-10-21
Updated
2022-02-28

CVE-2021-24155

Public exploit
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
Max CVSS
7.2
EPSS Score
96.33%
Published
2021-04-05
Updated
2021-12-03

CVE-2021-24145

Public exploit
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
Max CVSS
7.2
EPSS Score
95.61%
Published
2021-03-18
Updated
2021-12-03

CVE-2021-22005

Known exploited
Public exploit
Used for ransomware
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
Max CVSS
9.8
EPSS Score
97.39%
Published
2021-09-23
Updated
2021-11-30
CISA KEV Added
2021-11-03

CVE-2021-21978

Public exploit
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
Max CVSS
9.8
EPSS Score
97.47%
Published
2021-03-03
Updated
2021-03-26

CVE-2021-3378

Public exploit
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
Max CVSS
9.8
EPSS Score
46.04%
Published
2021-02-01
Updated
2021-03-31

CVE-2020-28871

Public exploit
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
Max CVSS
9.8
EPSS Score
96.91%
Published
2021-02-10
Updated
2024-01-26

CVE-2020-28328

Public exploit
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
Max CVSS
9.0
EPSS Score
7.81%
Published
2020-11-06
Updated
2021-12-02

CVE-2020-27387

Public exploit
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta.
Max CVSS
8.8
EPSS Score
8.91%
Published
2020-11-05
Updated
2022-10-19

CVE-2020-27386

Public exploit
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.
Max CVSS
8.8
EPSS Score
25.60%
Published
2020-11-12
Updated
2022-12-06

CVE-2020-25213

Known exploited
Public exploit
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
Max CVSS
10.0
EPSS Score
97.40%
Published
2020-09-09
Updated
2023-04-03
CISA KEV Added
2021-11-03

CVE-2020-25042

Public exploit
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php.
Max CVSS
7.2
EPSS Score
62.80%
Published
2020-09-03
Updated
2022-12-03

CVE-2020-24186

Public exploit
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
Max CVSS
10.0
EPSS Score
97.45%
Published
2020-08-24
Updated
2022-01-01
2224 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!