Vulnerabilities (CVE)

Filtered by CWE-434 (Unrestricted Upload of File with Dangerous Type)
Total 2288 CVE
CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v2 | CVSS v3
CVE-2023-6316 1 Mw Wp Form Project 1 Mw Wp Form 2024-01-17 N/A 9.8 CRITICAL
The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2023-6220 1 Piotnet 1 Piotnet Forms 2024-01-17 N/A 9.8 CRITICAL
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2023-49715 1 Wwbn 1 Avideo 2024-01-17 N/A 8.8 HIGH
An unrestricted PHP file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability.
CVE-2020-26629 1 Phpgurukul 1 Hospital Management System 2024-01-16 N/A 9.8 CRITICAL
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.
CVE-2022-4949 2 Adsanityplugin, Xen 2 Adsanity, Xen 2024-01-12 N/A 8.8 HIGH
The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on the affected site's server which makes remote code execution possible.
CVE-2023-50982 1 Studip 1 Stud.ip 2024-01-12 N/A 9.0 CRITICAL
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9.
CVE-2023-6140 1 G5plus 1 Essential Real Estate 2024-01-11 N/A 8.8 HIGH
The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.
CVE-2023-5957 1 Naziinfotech 1 Ni Purchase Order(po) For Woocommerce 2024-01-11 N/A 7.2 HIGH
The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing a high-privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.
CVE-2022-46839 1 Wiselyhub 1 Js Help Desk 2024-01-11 N/A 9.8 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.
CVE-2023-6551 1 Verot 1 Class.upload.php 2024-01-11 N/A 5.4 MEDIUM
As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. The README has been updated to include these guidelines.
CVE-2022-0888 1 Ninjaforms 1 Ninja Forms File Uploads 2024-01-11 7.5 HIGH 9.8 CRITICAL
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file, which can be bypassed, making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0.
CVE-2023-50922 1 Gl-inet 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more 2024-01-10 N/A 7.2 HIGH
An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
CVE-2023-50760 1 Kashipara 1 Online Notice Board System 2024-01-10 N/A 8.8 HIGH
Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
CVE-2023-45724 1 Hcltech 1 Dryice Myxalytics 2024-01-09 N/A 9.8 CRITICAL
HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication.
CVE-2023-51475 1 Wpmlmsoftware 1 Wp Mlm Unilevel 2024-01-08 N/A 9.8 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN. This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0.
CVE-2023-51421 1 Soft8soft 1 Verge3d 2024-01-08 N/A 8.8 HIGH
Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.
CVE-2023-51468 1 Boiteasite 1 Download Rencontre - Dating Site 2024-01-05 N/A 9.8 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site: from n/a through 3.10.1.
CVE-2023-51473 1 Pixelemu 1 Terraclassifieds 2024-01-05 N/A 9.8 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin. This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3.
CVE-2023-39539 1 Ami 1 Aptio V 2024-01-05 N/A 7.8 HIGH
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
CVE-2023-39538 1 Ami 1 Aptio V 2024-01-05 N/A 7.8 HIGH
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.