Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2024-22724 MEDIUM POC This Month

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE File Upload Oscommerce
NVD GitHub
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-2690 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Discussion Forum Site
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-1205 HIGH This Week

The Management App for WooCommerce - Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Wemanage
NVD VulDB
CVSS 3.1
8.8
EPSS
4.7%
CVE-2024-29135 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic.11.15. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-2636 CRITICAL Act Now

An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via '/config/espanol/update_password.jsp' file. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2024-2604 CRITICAL Act Now

A vulnerability was found in SourceCodester File Manager App 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload File Manager App
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-2599 HIGH This Week

File upload restriction evasion vulnerability in AMSS++ version 4.31. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Amss
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-27957 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.8.3.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Pie Register
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-2565 CRITICAL Act Now

A vulnerability was found in PandaXGO PandaX up to 20240310. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Pandax
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-2561 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload 74Cms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
6.1%
CVE-2024-2531 HIGH This Week

A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-2529 HIGH This Week

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-26503 CRITICAL POC Act Now

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Openeclass
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2024-28425 PyPI HIGH This Week

greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE File Upload Greykite
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-28424 HIGH This Week

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE File Upload Zenml
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-28423 PyPI CRITICAL Act Now

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Airflow Diagrams
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28418 MEDIUM POC This Month

Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Webedition Cms
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-0800 HIGH POC This Week

A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Udp
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-1691 MEDIUM This Month

The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress File Upload Otter Blocks
NVD VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-1311 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload Brizy
NVD VulDB
CVSS 3.1
8.8
EPSS
9.6%
CVE-2024-2406 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Gacjie Server
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1527 HIGH This Week

Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cms Made Simple
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-2394 CRITICAL Act Now

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Employee Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25994 MEDIUM This Month

An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-28187 HIGH PATCH This Week

SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection File Upload Soy Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2024-2268 CRITICAL Act Now

A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Online Bookstore Website
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1986 HIGH Act Now

The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.5% and no vendor patch available.

RCE WordPress File Upload Booster For Woocommerce
NVD VulDB
CVSS 3.1
8.8
EPSS
10.5%
CVE-2024-27733 HIGH This Week

File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload
NVD GitHub
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-20345 MEDIUM This Month

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cisco Information Disclosure Path Traversal Appdynamics Controller
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2024-2148 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Online Mobile Management Store 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Mobile Store Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-27747 CRITICAL POC THREAT Act Now

File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Petrol Pump Management
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
23.6%
CVE-2024-27499 PHP MEDIUM POC PATCH This Month

Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Bagisto
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-2059 HIGH This Week

A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Petrol Pump Management
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-2058 HIGH This Week

A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Petrol Pump Management
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-0864 CRITICAL Act Now

Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload Laragon
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-6090 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.3.11. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Mollie Payments For Woocommerce
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-1468 HIGH This Week

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Avada
NVD VulDB
CVSS 3.1
8.8
EPSS
3.6%
CVE-2024-25832 HIGH POC THREAT This Week

F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Datacube3
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
12.8%
CVE-2024-25869 HIGH POC THREAT This Week

An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Membership Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
18.7%
CVE-2024-1932 MEDIUM POC This Month

Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Freescout
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-25846 CRITICAL POC Act Now

In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Product Catalog Csv Excel Import
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-1925 HIGH This Week

A vulnerability was found in Ctcms 2.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP File Upload Ctcms
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-1921 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Lightpicture
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1918 CRITICAL Act Now

A vulnerability has been found in Byzoro Smart S42 Management Platform up to 20240219 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Smart S42 Management Platform
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-25925 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.5.12. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload Easy Checkout Field Editor
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-25913 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Moveto
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-25909 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.7.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Media Folder
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-25410 MEDIUM POC PATCH This Month

flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload Flusity
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-24714 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader.1.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Icons Font Loader
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-1875 HIGH POC This Week

A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical.php of the component Lodge Complaint Section. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Complaint Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-1819 HIGH POC This Week

A vulnerability was found in CodeAstro Membership Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Membership Management System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-1818 HIGH POC This Week

A vulnerability was found in CodeAstro Membership Management System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Membership Management System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-26152 PyPI MEDIUM POC PATCH This Month

### Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS CSRF File Upload Label Studio
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2024-25802 CRITICAL Act Now

SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload S Museum
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-22393 Go CRITICAL PATCH Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.2.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache File Upload Answer
NVD
CVSS 3.1
9.1
EPSS
2.5%
CVE-2024-27283 HIGH This Week

A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ediscovery Platform
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-26483 PHP HIGH POC PATCH This Week

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE File Upload Kirby
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-25274 CRITICAL Act Now

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-22824 CRITICAL POC Act Now

An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java File Upload Timo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-1644 HIGH POC This Week

Suite CRM version 7.14.2 allows including local php files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-25636 HIGH PATCH This Week

Misskey is an open source, decentralized social media platform with ActivityPub support. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Misskey
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25623 HIGH PATCH This Week

Mastodon is a free, open-source social network server based on ActivityPub. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Mastodon
NVD GitHub
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-22426 CRITICAL Act Now

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell File Upload Recoverpoint For Virtual Machines
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-25414 CRITICAL POC Act Now

An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Csz Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-23811 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Sinec Nms
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-23762 HIGH POC This Week

Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Gambio
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23759 CRITICAL POC THREAT Emergency

Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE File Upload Gambio
NVD
CVSS 3.1
9.8
EPSS
47.8%
CVE-2024-25674 CRITICAL PATCH Act Now

An issue was discovered in MISP before 2.4.184. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-24393 CRITICAL POC Act Now

File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Pichome
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-24091 CRITICAL Act Now

Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection File Upload Yealink Meeting Server
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-24202 CRITICAL POC Act Now

An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Zentao Zentao Biz +1
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-24350 HIGH POC This Week

File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload E Sic Livre
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-24026 CRITICAL Act Now

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-24025 CRITICAL Act Now

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-24024 CRITICAL Act Now

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1268 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Restaurant Pos System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1264 CRITICAL Act Now

A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1263 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1262 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02.php of the component API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1261 CRITICAL Act Now

A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1260 CRITICAL Act Now

A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-22515 HIGH This Week

Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Agent Dvr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-1259 CRITICAL Act Now

A vulnerability was found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1253 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Byzoro Smart S40 Management Platform up to 20240126. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Smart S40 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-24000 CRITICAL Act Now

jshERP v3.3 is vulnerable to Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-0699 MEDIUM PATCH This Month

The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more!. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE WordPress Ai Engine
NVD VulDB
CVSS 3.1
6.6
EPSS
7.1%
CVE-2023-6925 HIGH This Week

The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Unlimited Addons For Wpbakery Page Builder WPBakery Page Builder
NVD VulDB
CVSS 3.1
7.2
EPSS
3.0%
CVE-2023-6846 HIGH POC THREAT Act Now

Remote code execution in the WordPress File Manager Pro plugin (versions up to and including 8.3.4) allows authenticated attackers with subscriber-level access to upload arbitrary files via the mk_check_filemanager_php_syntax AJAX endpoint, leading to full server compromise. Publicly available exploit code exists, and the high EPSS score of 13.31% (94th percentile) indicates significant real-world exploitation likelihood. The flaw is patched in version 8.3.5, which introduces a missing capability check.

Code Injection RCE WordPress File Upload File Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
13.3%
CVE-2023-6635 HIGH PATCH This Week

The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE Editorskit
NVD VulDB
CVSS 3.1
7.2
EPSS
7.6%
CVE-2024-22567 Maven HIGH POC THREAT This Week

File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mcms
NVD GitHub
CVSS 3.1
8.8
EPSS
17.8%
EPSS 0% CVSS 6.6
MEDIUM POC This Month

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Discussion Forum Site
NVD GitHub VulDB
EPSS 5% CVSS 8.8
HIGH This Week

The Management App for WooCommerce - Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload +1
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic.11.15. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB
EPSS 1% CVSS 9.0
CRITICAL Act Now

An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via '/config/espanol/update_password.jsp' file. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in SourceCodester File Manager App 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload File Manager App
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

File upload restriction evasion vulnerability in AMSS++ version 4.31. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Amss
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.8.3.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Pie Register
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in PandaXGO PandaX up to 20240310. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Pandax
NVD GitHub VulDB
EPSS 6% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload 74Cms
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Online College Event Hall Reservation System
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Online College Event Hall Reservation System
NVD GitHub VulDB
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE File Upload Greykite
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Airflow Diagrams
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Webedition Cms
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Udp
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress File Upload +1
NVD VulDB
EPSS 10% CVSS 8.8
HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload +1
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Gacjie Server
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cms Made Simple
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Employee Management System
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Charx Sec 3000 Firmware Charx Sec 3050 Firmware +2
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection File Upload Soy Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Online Bookstore Website
NVD GitHub VulDB
EPSS 11% CVSS 8.8
HIGH Act Now

The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.5% and no vendor patch available.

RCE WordPress File Upload +1
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Week

File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM This Month

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cisco Information Disclosure +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Online Mobile Management Store 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Mobile Store Management System
NVD GitHub VulDB
EPSS 24% CVSS 9.8
CRITICAL POC THREAT Act Now

File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Bagisto
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Petrol Pump Management
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Petrol Pump Management
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.3.11. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Mollie Payments For Woocommerce
NVD
EPSS 4% CVSS 8.8
HIGH This Week

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload +1
NVD VulDB
EPSS 13% CVSS 8.8
HIGH POC THREAT This Week

F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Datacube3
NVD Exploit-DB
EPSS 19% CVSS 8.8
HIGH POC THREAT This Week

An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Freescout
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Product Catalog Csv Excel Import
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A vulnerability was found in Ctcms 2.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP File Upload Ctcms
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Lightpicture
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability has been found in Byzoro Smart S42 Management Platform up to 20240219 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Smart S42 Management Platform
NVD GitHub VulDB
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.5.12. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload Easy Checkout Field Editor
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Moveto
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.7.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Media Folder
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload Flusity
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader.1.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Icons Font Loader
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical.php of the component Lodge Complaint Section. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Complaint Management System
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in CodeAstro Membership Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Membership Management System
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in CodeAstro Membership Management System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Membership Management System
NVD VulDB
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

### Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS CSRF File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload S Museum
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.2.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache File Upload Answer
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ediscovery Platform
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Novel Plus
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Suite CRM version 7.14.2 allows including local php files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Suitecrm
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Misskey is an open source, decentralized social media platform with ActivityPub support. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Misskey
NVD GitHub
EPSS 1% CVSS 7.7
HIGH PATCH This Week

Mastodon is a free, open-source social network server based on ActivityPub. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Mastodon
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell File Upload +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Csz Cms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Sinec Nms
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 48% CVSS 9.8
CRITICAL POC THREAT Emergency

Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE File Upload +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in MISP before 2.4.184. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Misp
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection File Upload Yealink Meeting Server
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload E Sic Livre
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Novel Plus
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Novel Plus
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Novel Plus
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Restaurant Pos System
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02.php of the component API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Agent Dvr
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
EPSS 2% CVSS 7.2
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Byzoro Smart S40 Management Platform up to 20240126. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Smart S40 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

jshERP v3.3 is vulnerable to Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Jsherp
NVD GitHub
EPSS 7% CVSS 6.6
MEDIUM PATCH This Month

The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more!. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE WordPress +1
NVD VulDB
EPSS 3% CVSS 7.2
HIGH This Week

The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload +2
NVD VulDB
EPSS 13% CVSS 8.8
HIGH POC THREAT Act Now

Remote code execution in the WordPress File Manager Pro plugin (versions up to and including 8.3.4) allows authenticated attackers with subscriber-level access to upload arbitrary files via the mk_check_filemanager_php_syntax AJAX endpoint, leading to full server compromise. Publicly available exploit code exists, and the high EPSS score of 13.31% (94th percentile) indicates significant real-world exploitation likelihood. The flaw is patched in version 8.3.5, which introduces a missing capability check.

Code Injection RCE WordPress +2
NVD GitHub
EPSS 8% CVSS 7.2
HIGH PATCH This Week

The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE +1
NVD VulDB
EPSS 18% CVSS 8.8
HIGH POC THREAT This Week

File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mcms
NVD GitHub
Prev Page 23 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy