Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2023-45603 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts - Enable Users to Submit Posts from the Front End. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload User Submitted Posts
NVD
CVSS 3.1
9.0
EPSS
2.2%
CVE-2023-40204 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders - Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.9.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Folders
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2023-34385 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus.8.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Export Import Menus
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2023-34007 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.8.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Download Monitor
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2023-33318 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.9.40. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress Automatewoo
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2023-31231 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).5.65. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Unlimited Elements For Elementor Elementor
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2023-31215 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon.1.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Dropshipping Affiliation With Amazon
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2023-29384 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin - JobWP.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress Jobwp
NVD
CVSS 3.1
10.0
EPSS
4.1%
CVE-2023-29102 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.1.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Olive One Click Demo Import
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2023-28170 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import.1.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Theme Demo Import
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2023-6976 PyPI HIGH POC PATCH This Week

This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Mlflow
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-47706 HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-46264 CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
CVSS 3.1
9.8
EPSS
90.2%
CVE-2023-46263 CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
CVSS 3.1
9.8
EPSS
81.9%
CVE-2023-4311 HIGH POC This Week

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Vrm360
NVD WPScan
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6902 CRITICAL POC Act Now

A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Stupid Simple Cms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-6887 CRITICAL POC Act Now

A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Forestblog
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-6850 CRITICAL PATCH Act Now

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Kodexplorer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-48394 HIGH This Week

Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Webitr Attendance System
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-6827 HIGH PATCH This Week

The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE Essential Real Estate
NVD VulDB
CVSS 3.1
7.5
EPSS
9.6%
CVE-2023-6826 HIGH This Week

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE WordPress E2pdf
NVD VulDB
CVSS 3.1
7.2
EPSS
7.3%
CVE-2023-48376 CRITICAL Act Now

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cws Collaborative Development Platform
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-48371 CRITICAL Act Now

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-50564 HIGH POC THREAT This Week

An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Pluck
NVD GitHub
CVSS 3.1
8.8
EPSS
29.1%
CVE-2023-6794 MEDIUM This Month

An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Paloalto Pan Os
NVD
CVSS 3.1
4.7
EPSS
0.6%
CVE-2023-6723 CRITICAL Act Now

An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Repox
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-46456 CRITICAL Act Now

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Gl Ar300M Firmware
NVD
CVSS 3.1
9.8
EPSS
24.7%
CVE-2023-46455 HIGH POC THREAT This Week

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload Gl Ar300M Firmware
NVD
CVSS 3.1
7.5
EPSS
47.0%
CVE-2023-49058 MEDIUM This Month

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Path Traversal File Upload Master Data Governance
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-49444 MEDIUM POC This Month

An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload XSS Doracms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-4122 HIGH POC This Week

Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Student Information System
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-6576 HIGH This Week

A vulnerability was found in Byzoro S210 up to 20231123. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Smart S210 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-6574 HIGH POC This Week

A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S20 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-50164 Maven CRITICAL PATCH Act Now

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal RCE Information Disclosure File Upload Struts
NVD
CVSS 3.1
9.8
EPSS
80.8%
CVE-2023-39539 HIGH This Week

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Aptio V
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-39538 HIGH This Week

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Aptio V
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-48930 CRITICAL POC Act Now

xinhu xinhuoa 2.2.1 contains a File upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Xinhu
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-5953 HIGH POC This Week

The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP CSRF Welcart E Commerce
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-48966 PHP HIGH POC This Week

An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Thinkadmin
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-48965 HIGH POC This Week

An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Thinkadmin
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-5637 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Arslansoft Education Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-5636 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection File Upload Arslansoft Education Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-6449 MEDIUM PATCH This Month

The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE Contact Form 7
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
8.7%
CVE-2023-5966 MEDIUM This Month

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP RCE Espocrm
NVD
CVSS 3.1
4.7
EPSS
0.9%
CVE-2023-5965 MEDIUM This Month

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP RCE Espocrm
NVD
CVSS 3.1
4.7
EPSS
0.9%
CVE-2023-49052 PHP HIGH POC This Week

File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Microweber
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-4226 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-4225 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4224 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4223 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4220 MEDIUM POC PATCH THREAT This Month

Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload PHP XSS Chamilo Lms
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
76.1%
CVE-2023-3545 CRITICAL POC PATCH Act Now

Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload RCE Microsoft Apache PHP +1
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-3533 CRITICAL POC PATCH Act Now

Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Path Traversal File Upload RCE PHP +1
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2023-6219 HIGH PATCH This Week

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE Bookingpress
NVD VulDB
CVSS 3.1
7.2
EPSS
2.1%
CVE-2023-29770 HIGH POC This Week

In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-41998 CRITICAL POC THREAT Act Now

Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Udp
NVD
CVSS 3.1
9.8
EPSS
15.3%
CVE-2023-6308 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache File Upload Video Surveillance Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6274 CRITICAL POC Act Now

A vulnerability was found in Byzoro Smart S80 up to 20231108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S80 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.9%
CVE-2023-41812 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Pandora Fms
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-41788 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Pandora Fms
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-47792 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Big File Uploads - Increase Maximum File Upload Size plugin <= 2.1.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload CSRF Big File Uploads
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47314 MEDIUM POC This Month

Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Headwind Mdm
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47313 MEDIUM POC This Month

Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Headwind Mdm
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-5822 HIGH PATCH This Week

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE WordPress Drag And Drop Multiple File Upload Contact Form 7
NVD VulDB
CVSS 3.1
8.1
EPSS
4.4%
CVE-2023-6142 MEDIUM POC This Month

Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dev Blog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6187 HIGH PATCH Act Now

The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 19.7%.

WordPress File Upload RCE Paid Memberships Pro
NVD VulDB
CVSS 3.1
7.5
EPSS
19.7%
CVE-2023-39548 HIGH PATCH This Week

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-48031 CRITICAL POC Act Now

OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Opensupports
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-6133 MEDIUM PATCH This Month

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress Forminator
NVD VulDB
CVSS 3.1
6.6
EPSS
0.3%
CVE-2023-6127 MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Suitecrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-45881 MEDIUM POC This Month

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload XSS Gibbon
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-47621 PHP HIGH PATCH This Week

Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload PHP Guest Entries
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6102 CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in Maiwei Safety Production Control Platform 4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Maiwei Safety Production Control Platform
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-47129 PHP CRITICAL PATCH Act Now

Statmic is a core Laravel content management system Composer package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Statamic
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37790 MEDIUM POC This Month

Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Clarity
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-47379 PHP MEDIUM PATCH This Month

Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

File Upload XSS Microweber
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-42659 HIGH This Week

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ws Ftp Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-33480 HIGH POC This Week

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Remote Clinic
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-5601 CRITICAL POC Act Now

The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Woocommerce Ninja Forms Product Add Ons
NVD WPScan
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-41725 HIGH This Week

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Ivanti Avalanche
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-41357 HIGH This Week

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Vitals Enterprise Social Platform
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5919 HIGH POC This Week

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Company Website Cms
NVD VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-5860 HIGH PATCH This Week

The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE WordPress Icons Font Loader
NVD VulDB
CVSS 3.1
7.2
EPSS
5.4%
CVE-2023-46428 HIGH POC This Week

An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Hadsky
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-20196 HIGH This Week

Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Cisco Identity Services Engine
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-20195 HIGH This Week

Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Cisco Identity Services Engine
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-1720 HIGH POC This Week

Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Bitrix24
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2023-1713 HIGH POC This Week

Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apache File Upload PHP Bitrix24
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-5458 MEDIUM POC This Month

The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS Cits Support Svg Webp Media And Ttf Otf File Upload
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5360 CRITICAL POC THREAT Emergency

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP Royal Elementor Addons
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
81.7%
EPSS 2% CVSS 9.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts - Enable Users to Submit Posts from the Front End. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload User Submitted Posts
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders - Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.9.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Folders
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus.8.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Export Import Menus
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.8.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Download Monitor
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.9.40. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress Automatewoo
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).5.65. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Unlimited Elements For Elementor Elementor
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon.1.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Dropshipping Affiliation With Amazon
NVD
EPSS 4% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin - JobWP.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress Jobwp
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.1.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Olive One Click Demo Import
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import.1.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Theme Demo Import
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Mlflow
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Security Guardium Key Lifecycle Manager
NVD
EPSS 90% CVSS 9.8
CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
EPSS 82% CVSS 9.8
CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Vrm360
NVD WPScan
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Stupid Simple Cms
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Forestblog
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Kodexplorer
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Webitr Attendance System
NVD
EPSS 10% CVSS 7.5
HIGH PATCH This Week

The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE +1
NVD VulDB
EPSS 7% CVSS 7.2
HIGH This Week

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE WordPress +1
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cws Collaborative Development Platform
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
EPSS 29% CVSS 8.8
HIGH POC THREAT This Week

An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 4.7
MEDIUM This Month

An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Paloalto +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Repox
NVD
EPSS 25% CVSS 9.8
CRITICAL Act Now

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Gl Ar300M Firmware
NVD
EPSS 47% CVSS 7.5
HIGH POC THREAT This Week

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload Gl Ar300M Firmware
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Path Traversal File Upload +1
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload XSS +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Student Information System
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Byzoro S210 up to 20231123. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Smart S210 Firmware
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S20 Firmware
NVD GitHub VulDB
EPSS 81% CVSS 9.8
CRITICAL PATCH Act Now

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal RCE Information Disclosure +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Aptio V
NVD
EPSS 0% CVSS 7.8
HIGH This Week

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Aptio V
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

xinhu xinhuoa 2.2.1 contains a File upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Xinhu
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP +2
NVD WPScan
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Thinkadmin
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Thinkadmin
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Arslansoft Education Portal
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection File Upload Arslansoft Education Portal
NVD VulDB
EPSS 9% CVSS 6.6
MEDIUM PATCH This Month

The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE +1
NVD GitHub VulDB
EPSS 1% CVSS 4.7
MEDIUM This Month

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP RCE +1
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP RCE +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Microweber
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP +1
NVD GitHub
EPSS 76% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload PHP +2
NVD GitHub Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload RCE Microsoft +3
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Path Traversal File Upload +3
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE +1
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD GitHub
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Act Now

Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Udp
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache File Upload Video Surveillance Management System
NVD GitHub VulDB
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in Byzoro Smart S80 up to 20231108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S80 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Pandora Fms
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Pandora Fms
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Big File Uploads - Increase Maximum File Upload Size plugin <= 2.1.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload CSRF Big File Uploads
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Headwind Mdm
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Headwind Mdm
NVD
EPSS 4% CVSS 8.1
HIGH PATCH This Week

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE WordPress +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dev Blog
NVD GitHub
EPSS 20% CVSS 7.5
HIGH PATCH Act Now

The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 19.7%.

WordPress File Upload RCE +1
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Expresscluster X Expresscluster X Singleserversafe
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Opensupports
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress Forminator
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Suitecrm
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload XSS +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in Maiwei Safety Production Control Platform 4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Maiwei Safety Production Control Platform
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Statmic is a core Laravel content management system Composer package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Statamic
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Clarity
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

File Upload XSS Microweber
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ws Ftp Server
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Woocommerce Ninja Forms Product Add Ons
NVD WPScan
EPSS 1% CVSS 7.8
HIGH This Week

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Ivanti +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Vitals Enterprise Social Platform
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Company Website Cms
NVD VulDB
EPSS 5% CVSS 7.2
HIGH PATCH This Week

The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE WordPress +1
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Hadsky
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Cisco +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Cisco +1
NVD
EPSS 1% CVSS 8.0
HIGH POC This Week

Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Bitrix24
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apache File Upload +2
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS +1
NVD WPScan
EPSS 82% CVSS 9.8
CRITICAL POC THREAT Emergency

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP +1
NVD WPScan Exploit-DB
Prev Page 25 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy