Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1.
Max CVSS
9.1
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
Unrestricted Upload of File with Dangerous Type vulnerability in Tourfic. This issue affects Tourfic: from n/a through 2.11.15.
Max CVSS
9.9
EPSS Score
0.04%
Published
2024-03-19
Updated
2024-03-19
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.
Max CVSS
9.1
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register. This issue affects Pie Register: from n/a through 3.8.3.1.
Max CVSS
10.0
EPSS Score
0.04%
Published
2024-03-17
Updated
2024-03-17
Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts. This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12.
Max CVSS
10.0
EPSS Score
0.04%
Published
2024-02-26
Updated
2024-02-26
Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.
Max CVSS
10.0
EPSS Score
0.04%
Published
2024-02-26
Updated
2024-02-26
Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2.
Max CVSS
9.9
EPSS Score
0.04%
Published
2024-02-26
Updated
2024-02-26
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-09
Updated
2024-02-12
Unrestricted File Upload vulnerability in Employee Management System 1.0 allows a remote attacker to execute arbitrary code via the edit-photo.php component.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-08
Updated
2024-02-12
File upload vulnerability in index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via a crafted POST request.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-08
Updated
2024-02-15
An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-08
Updated
2024-02-15
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in a specially crafted filename parameter to perform arbitrary File download.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-08
Updated
2024-02-10
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in a specially crafted filename parameter to perform arbitrary File download.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-08
Updated
2024-02-10
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-08
Updated
2024-02-10
jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-06
Updated
2024-02-13
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-12
Updated
2024-02-15
An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, but it can be bypassed.
Max CVSS
9.0
EPSS Score
0.08%
Published
2024-01-26
Updated
2024-02-01
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.
Max CVSS
9.8
EPSS Score
0.13%
Published
2024-01-17
Updated
2024-02-02
Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations. This issue affects Tumult Hype Animations: from n/a through 1.9.12.
Max CVSS
9.1
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
An Unrestricted Upload of File vulnerability has been found in Cegid Meta4 HR that allows an attacker to upload malicious files to the server via the '/config/espanol/update_password.jsp' file. By modifying the 'M4_NEW_PASSWORD' parameter, an attacker could store a malicious JSP file inside the file directory, to be executed when the file is loaded in the application.
Max CVSS
9.0
EPSS Score
0.04%
Published
2024-03-19
Updated
2024-03-19
File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through a webshell, compromising the entire infrastructure.
Max CVSS
9.9
EPSS Score
0.04%
Published
2024-03-18
Updated
2024-03-18
Unrestricted file upload vulnerability in ManageEngine Desktop Central affecting version 9, build 90055. This vulnerability could allow a remote attacker to upload a malicious file to the system without any credentials provided.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-12
Suite CRM version 7.14.2 allows including local PHP files. This is possible because the application is vulnerable to LFI.
Max CVSS
9.9
EPSS Score
0.05%
Published
2024-02-20
Updated
2024-02-20
Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially achieve remote command execution via a webshell.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253011.
Max CVSS
9.8
EPSS Score
0.06%
Published
2024-02-07
Updated
2024-03-21
1026 vulnerabilities found