Total: 2288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1406 | 1 Crocoblock | 1 Jetengine For Elementor | 2023-11-07 | N/A | 8.8 HIGH |
| The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. | |||||
| CVE-2023-0587 | 1 Trendmicro | 1 Apex One | 2023-11-07 | N/A | 9.1 CRITICAL |
| A file upload vulnerability exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed. | |||||
| CVE-2023-0477 | 1 Cm-wp | 1 Auto Featured Image | 2023-11-07 | N/A | 8.8 HIGH |
| The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files. This is caused by incorrect file extension validation. | |||||
| CVE-2023-0255 | 1 Shortpixel | 1 Enable Media Replace | 2023-11-07 | N/A | 8.8 HIGH |
| The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. | |||||
| CVE-2022-4506 | 1 Open-emr | 1 Openemr | 2023-11-07 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2. | |||||
| CVE-2022-4276 | 1 House Rental System Project | 1 House Rental System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772. | |||||
| CVE-2022-4272 | 1 Warehouse Management System Project | 1 Warehouse Management System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760. | |||||
| CVE-2022-47615 | 1 Thimpress | 1 Learnpress | 2023-11-07 | N/A | 9.8 CRITICAL |
| Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | |||||
| CVE-2022-46660 | 1 Ge | 1 Proficy Historian | 2023-11-07 | N/A | 6.5 MEDIUM |
| An unauthorized user could alter or write files with full control over the path and content of the file. | |||||
| CVE-2022-46604 | 1 Tecrail | 1 Responsive Filemanager | 2023-11-07 | N/A | 8.8 HIGH |
| An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. | |||||
| CVE-2022-45476 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2023-11-07 | N/A | 9.8 CRITICAL |
| Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload. | |||||
| CVE-2022-45359 | 1 Yithemes | 1 Yith Woocommerce Gift Cards | 2023-11-07 | N/A | 9.8 CRITICAL |
| Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. | |||||
| CVE-2022-43146 | 1 Canteen Management System Project | 1 Canteen Management System | 2023-11-07 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-40721 | 1 Creativedream File Uploader Project | 1 Creativedream File Uploader | 2023-11-07 | N/A | 9.8 CRITICAL |
| Arbitrary file upload vulnerability in php uploader | |||||
| CVE-2022-3944 | 1 Erp Project | 1 Erp | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451. | |||||
| CVE-2022-3912 | 1 Wpeverest | 1 User Registration | 2023-11-07 | N/A | 7.5 HIGH |
| The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example. | |||||
| CVE-2022-3771 | 1 Easyiicms | 1 Easyiicms | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability. | |||||
| CVE-2022-3682 | 1 Hitachienergy | 1 Sdm600 | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability exists in the SDM600 file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in arbitrary code execution. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291). | |||||
| CVE-2022-38140 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2023-11-07 | N/A | 8.8 HIGH |
| Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress. | |||||
| CVE-2022-32177 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2023-11-07 | N/A | 9.0 CRITICAL |
| In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of JavaScript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low-privilege attacker will get access to the admin’s cookie, leading to account takeover. | |||||
