Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2023-6675 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server.1.4 before v.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cybermath
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-24059 MEDIUM POC This Month

springboot-manager v1.6 is vulnerable to Arbitrary File Upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Springboot Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1116 CRITICAL Act Now

A vulnerability was found in openBI up to 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1113 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1069 HIGH PATCH This Week

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE WordPress Database For Contact Form 7 Wpforms Elementor Forms Elementor
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2024-1036 CRITICAL Act Now

A vulnerability was found in openBI up to 1.0.8 and classified as critical.php of the component Icon Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-1035 CRITICAL Act Now

A vulnerability has been found in openBI up to 1.0.8 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1034 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1027 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Facebook News Feed Like
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-23822 CRITICAL POC PATCH Act Now

Thruk is a multibackend monitoring webinterface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal File Upload Thruk
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-1008 HIGH POC This Week

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Employee Management System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-0939 CRITICAL POC THREAT Act Now

A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Smart S210 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
43.8%
CVE-2024-0933 CRITICAL Act Now

A vulnerability was found in Niushop B2B2C V5 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload B2B2C Multi Business
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-22550 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Shopsite
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-23630 HIGH This Week

An arbitrary firmware upload vulnerability exists in the Motorola MR2600. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mr2600 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-24399 HIGH POC THREAT This Week

An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Leptoncms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
15.6%
CVE-2024-22152 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.3.7. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

WordPress File Upload Product Import Export For Woocommerce
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-22135 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.4.3. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

WordPress File Upload Order Export Order Import For Woocommerce
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2023-52221 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager.5.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Barcode Scanner And Inventory Manager
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2024-23180 HIGH This Week

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload A Blog Cms
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-0783 CRITICAL POC Act Now

A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Admission System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-22895 HIGH POC This Week

DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-51925 CRITICAL Act Now

An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Yonbip
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51924 CRITICAL Act Now

An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Yonbip
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51928 CRITICAL Act Now

An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Yonbip
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-22418 MEDIUM POC PATCH This Month

Group-Office is an enterprise CRM and groupware tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload XSS Microsoft Group Office
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-0648 CRITICAL Act Now

A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Yunyou Cms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-20272 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco File Upload Unity Connection
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-0643 CRITICAL Act Now

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Live Encoder
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-0505 MEDIUM POC This Month

A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical.java of the component Upload Material Menu. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Java Austin
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0468 MEDIUM This Month

A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Fighting Cock Information System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-51806 MEDIUM POC This Month

File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ujcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-46474 HIGH POC THREAT Act Now

File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.7%.

File Upload RCE PHP Pmb
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
72.7%
Threat
5.1
CVE-2023-6979 HIGH PATCH This Week

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
3.7%
CVE-2023-6636 HIGH PATCH This Week

The Greenshift - animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD
CVSS 3.1
7.2
EPSS
4.4%
CVE-2023-6558 HIGH PATCH This Week

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD
CVSS 3.1
7.2
EPSS
3.8%
CVE-2023-6316 CRITICAL PATCH Act Now

The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
8.3%
CVE-2023-6220 HIGH This Week

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload WordPress RCE
NVD VulDB
CVSS 3.1
8.1
EPSS
6.3%
CVE-2023-49715 MEDIUM POC This Month

A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Avideo
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-26629 CRITICAL POC Act Now

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Hospital Management System
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-0352 HIGH POC THREAT Act Now

Likeshop e-commerce platform through version 2.5.7.20210311 contains a critical unrestricted file upload vulnerability in the FileServer::userFormImage function. Unauthenticated attackers can upload PHP webshells via crafted HTTP POST requests, achieving remote code execution on the server.

File Upload PHP Likeshop
NVD VulDB
CVSS 3.1
7.3
EPSS
91.9%
Threat
5.7
CVE-2024-0348 MEDIUM POC Monitor

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Engineers Online Portal
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47890 PyPI HIGH POC PATCH This Week

pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Path Traversal Pyload
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-6140 HIGH POC This Week

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE PHP Essential Real Estate
NVD WPScan
CVSS 3.1
8.8
EPSS
3.9%
CVE-2023-5957 HIGH POC This Week

The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Ni Purchase Order Po For Woocommerce
NVD WPScan
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-0300 MEDIUM POC This Month

A vulnerability was found in Byzoro Smart S150 Management Platform up to 20240101. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S150 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.9%
CVE-2023-7212 MEDIUM This Month

A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Dedecms
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-46839 CRITICAL Act Now

Unrestricted file upload in JS Help Desk WordPress plugin. CVSS 10.0.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2023-6551 PHP MEDIUM This Month

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS PHP Class Upload Php
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-50760 HIGH POC This Week

Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Online Notice Board System
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-50922 HIGH POC This Week

An issue was discovered on GL.iNet devices through 4.5.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Gl Mt1300 Firmware Gl Mt300N V2 Firmware Gl Ar750S Firmware +9
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2023-45724 HIGH This Week

HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Dryice Myxalytics
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-45723 HIGH This Week

HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Path Traversal Dryice Myxalytics
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-0194 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0.php of the component Profile Picture Handler. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Internet Banking System
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-0192 MEDIUM POC This Month

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Rrj Nueva Ecija Engineer Online Portal
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-0185 MEDIUM POC Monitor

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Rrj Nueva Ecija Engineer Online Portal
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-7181 HIGH POC This Week

A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dedebiz
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-51475 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Wp Mlm Unilevel
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51473 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds - Simple Classifieds Plugin.0.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Terraclassifieds
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51468 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre - Dating Site.10.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Download Rencontre Dating Site
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51421 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.5.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Verge3D
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-51419 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress File Upload Bertha Ai Chrome
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51417 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.2.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Jvm Gutenberg Rich Text Icons
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-51412 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.0.25. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Piotnet Forms
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2023-51411 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.18.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Frontend Admin
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51410 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.1.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Mail Log
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-7159 CRITICAL Act Now

A vulnerability was found in gopeak MasterLab up to 3.3.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Masterlab
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-7150 HIGH This Week

A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Chic Beauty Salon
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-7147 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Masterlab
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-50104 CRITICAL POC Act Now

ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Zzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-50038 HIGH POC This Week

There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Textpattern
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-50692 HIGH POC This Week

File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Jizhicms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-5931 HIGH POC This Week

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP Rtmedia
NVD WPScan
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5673 HIGH POC This Week

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload WordPress PHP Wp Mail Log
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-52086 HIGH PATCH This Week

resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Php Backend For Resumable Js
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-51772 HIGH This Week

One Identity Password Manager before 5.13.1 allows Kiosk Escape. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Google Microsoft Password Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-48654 CRITICAL Act Now

One Identity Password Manager before 5.13.1 allows Kiosk Escape. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Google Microsoft Password Manager
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-7091 HIGH POC This Week

A vulnerability was found in Dreamer CMS 4.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dreamer Cms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-51034 CRITICAL POC Act Now

TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ex1200L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-42017 CRITICAL Act Now

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload IBM Planning Analytics
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-7054 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Notes Sharing System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-7036 MEDIUM POC This Month

A vulnerability was found in automad up to 1.10.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Automad
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-45377 MEDIUM This Month

Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress Drag And Drop Multiple File Upload For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-7026 MEDIUM POC This Month

A vulnerability was found in Lightxun IPTV Gateway up to 20231208. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Iptv Gateway
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-50639 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Cute Http File Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-25970 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop - Global Dropshipping.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Zendrop
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-23970 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Corsa
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-49814 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock.0.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Symbiostock
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2023-47784 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution.6.15. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Slider Revolution
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2023-46149 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.3.5. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ultra
NVD
CVSS 3.1
9.9
EPSS
0.3%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server.1.4 before v.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cybermath
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

springboot-manager v1.6 is vulnerable to Arbitrary File Upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Springboot Manager
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in openBI up to 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
EPSS 3% CVSS 7.2
HIGH PATCH This Week

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE WordPress +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in openBI up to 1.0.8 and classified as critical.php of the component Icon Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability has been found in openBI up to 1.0.8 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Facebook News Feed Like
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Thruk is a multibackend monitoring webinterface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal File Upload Thruk
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Employee Management System
NVD VulDB
EPSS 44% CVSS 9.8
CRITICAL POC THREAT Act Now

A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Smart S210 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in Niushop B2B2C V5 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload B2B2C Multi Business
NVD VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Shopsite
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An arbitrary firmware upload vulnerability exists in the Motorola MR2600. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mr2600 Firmware
NVD
EPSS 16% CVSS 7.2
HIGH POC THREAT This Week

An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Leptoncms
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.0
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.3.7. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

WordPress File Upload Product Import Export For Woocommerce
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.4.3. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

WordPress File Upload Order Export Order Import For Woocommerce
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager.5.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Barcode Scanner And Inventory Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload A Blog Cms
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Admission System
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Dedecms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Yonbip
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Yonbip
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Yonbip
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Group-Office is an enterprise CRM and groupware tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload XSS Microsoft +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Yunyou Cms
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco File Upload Unity Connection
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Live Encoder
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical.java of the component Upload Material Menu. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Java Austin
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Fighting Cock Information System
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ujcms
NVD GitHub
EPSS 73% 5.1 CVSS 7.2
HIGH POC THREAT Act Now

File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.7%.

File Upload RCE PHP +1
NVD GitHub VulDB
EPSS 4% CVSS 8.8
HIGH PATCH This Week

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD VulDB
EPSS 4% CVSS 7.2
HIGH PATCH This Week

The Greenshift - animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD
EPSS 4% CVSS 7.2
HIGH PATCH This Week

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD VulDB
EPSS 6% CVSS 8.1
HIGH This Week

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload WordPress RCE
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM POC This Month

A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Hospital Management System
NVD
EPSS 92% 5.7 CVSS 7.3
HIGH POC THREAT Act Now

Likeshop e-commerce platform through version 2.5.7.20210311 contains a critical unrestricted file upload vulnerability in the FileServer::userFormImage function. Unauthenticated attackers can upload PHP webshells via crafted HTTP POST requests, achieving remote code execution on the server.

File Upload PHP Likeshop
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Engineers Online Portal
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Path Traversal Pyload
NVD GitHub VulDB
EPSS 4% CVSS 8.8
HIGH POC This Week

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE +2
NVD WPScan
EPSS 1% CVSS 7.2
HIGH POC This Week

The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Ni Purchase Order Po For Woocommerce
NVD WPScan
EPSS 1% CVSS 6.3
MEDIUM POC This Month

A vulnerability was found in Byzoro Smart S150 Management Platform up to 20240101. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S150 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 4.7
MEDIUM This Month

A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Dedecms
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unrestricted file upload in JS Help Desk WordPress plugin. CVSS 10.0.

File Upload
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 0% CVSS 7.2
HIGH POC This Week

An issue was discovered on GL.iNet devices through 4.5.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Gl Mt1300 Firmware +11
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Dryice Myxalytics
NVD
EPSS 0% CVSS 7.6
HIGH This Week

HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Path Traversal Dryice Myxalytics
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0.php of the component Profile Picture Handler. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Internet Banking System
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Rrj Nueva Ecija Engineer Online Portal
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM POC Monitor

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Rrj Nueva Ecija Engineer Online Portal
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dedebiz
NVD GitHub VulDB
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Wp Mlm Unilevel
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds - Simple Classifieds Plugin.0.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Terraclassifieds
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre - Dating Site.10.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Download Rencontre Dating Site
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.5.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Verge3D
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress File Upload +2
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.2.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Jvm Gutenberg Rich Text Icons
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.0.25. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Piotnet Forms
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.18.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Frontend Admin
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.1.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Mail Log
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in gopeak MasterLab up to 3.3.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Masterlab
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Chic Beauty Salon
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Masterlab
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Textpattern
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Jizhicms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP +1
NVD WPScan
EPSS 1% CVSS 8.8
HIGH POC This Week

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload WordPress +2
NVD WPScan
EPSS 1% CVSS 8.1
HIGH PATCH This Week

resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Php Backend For Resumable Js
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

One Identity Password Manager before 5.13.1 allows Kiosk Escape. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Google Microsoft +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

One Identity Password Manager before 5.13.1 allows Kiosk Escape. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Google Microsoft +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Dreamer CMS 4.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dreamer Cms
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ex1200L Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload IBM +1
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Notes Sharing System
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A vulnerability was found in automad up to 1.10.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Automad
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress Drag And Drop Multiple File Upload For Woocommerce
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A vulnerability was found in Lightxun IPTV Gateway up to 20231208. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Iptv Gateway
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Cute Http File Server
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop - Global Dropshipping.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Zendrop
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Corsa
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock.0.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Symbiostock
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution.6.15. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Slider Revolution
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.3.5. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ultra
NVD
Prev Page 24 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy