Skip to main content

Express Fileupload

3 CVEs product

Monthly

CVE-2022-27261 npm HIGH POC This Week

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Express Fileupload
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-27140 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Express Fileupload
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-7699 npm CRITICAL POC PATCH Act Now

This affects the package express-fileupload before 1.1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Prototype Pollution Denial Of Service Express Fileupload Max Data
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
EPSS 1% CVSS 7.5
HIGH POC This Week

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Express Fileupload
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

This affects the package express-fileupload before 1.1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Prototype Pollution Denial Of Service +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy