Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2023-43647 PHP MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-42803 HIGH This Week

BigBlueButton is an open-source virtual classroom. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Bigbluebutton
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-5829 HIGH POC This Week

A vulnerability was found in code-projects Admission Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Admission Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-46815 HIGH This Week

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5812 HIGH POC This Week

A vulnerability has been found in flusity CMS and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Flusity
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5796 HIGH POC This Week

A vulnerability was found in CodeAstro POS System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pos System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5795 HIGH POC This Week

A vulnerability was found in CodeAstro POS System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pos System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5790 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP File Manager App
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-45555 HIGH POC This Week

File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Zzzcms
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-45554 CRITICAL POC Act Now

File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Zzzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-44767 MEDIUM POC This Month

A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Ritecms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-26578 HIGH This Week

Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal File Upload Idweb
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-5524 HIGH This Week

Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE File Upload Web Companion
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2020-36706 CRITICAL POC Act Now

The Simple:Press - WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload RCE Simple
NVD WPScan VulDB
CVSS 3.1
9.8
EPSS
7.1%
CVE-2023-45384 CRITICAL Act Now

KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Supercheckout
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-37502 HIGH This Week

HCL Compass is vulnerable to lack of file upload security. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Hcl Compass
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-46004 HIGH POC This Week

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Best Courier Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-41631 HIGH POC This Week

eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the file upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Esst Monitoring
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-45952 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Lylme Spage
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-44824 HIGH POC This Week

An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Expense Management System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-34207 HIGH This Week

Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mailhunter Ultimate
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4821 MEDIUM POC This Month

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Drag And Drop Multiple File Uploader
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4811 MEDIUM POC This Month

The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS Wordpress File Upload
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35018 HIGH PATCH This Week

IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM Security Verify Governance
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-45856 CRITICAL POC Act Now

qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Qdpm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-44962 MEDIUM POC This Month

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Koha Library Software
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-5493 HIGH POC This Week

A vulnerability has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-5492 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-5491 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-5490 HIGH POC This Week

A vulnerability classified as critical was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-5489 HIGH POC This Week

A vulnerability classified as critical has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-5488 HIGH POC This Week

A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-44763 PHP MEDIUM POC This Month

Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-45353 HIGH This Week

Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Unify Openscape Common Management
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-44061 HIGH POC This Week

File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Simple And Nice Shopping Cart Script
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-43269 CRITICAL Act Now

pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Pigcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-43321 HIGH POC This Week

File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Dcfw 1800 Sdc Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-43838 HIGH POC This Week

An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Personal Management System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-44974 CRITICAL POC THREAT Act Now

An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
19.1%
CVE-2023-44973 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-4817 HIGH This Week

This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Et 7060 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4097 HIGH This Week

The file upload functionality is not implemented correctly and allows uploading of any type of file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Qsige
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-44009 CRITICAL POC Act Now

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mojoportal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-44008 CRITICAL POC Act Now

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mojoportal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-5227 PHP CRITICAL PATCH Act Now

Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Phpmyfaq
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-5284 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Engineers Online Portal
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5277 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Engineers Online Portal
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5262 HIGH POC This Week

A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Rapidcms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5185 HIGH POC This Week

Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Gym Management System Project
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-43740 HIGH POC This Week

Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Book Store Project
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-43226 HIGH POC This Week

An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-43872 MEDIUM POC This Month

A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43871 MEDIUM POC This Month

A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Wbce Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38874 PHP HIGH POC THREAT This Week

A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Economizzer
NVD GitHub
CVSS 3.1
8.8
EPSS
28.5%
CVE-2023-40219 HIGH This Week

Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Welcart E Commerce
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-39377 HIGH This Week

SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Siberiancms
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-5154 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload D-Link PHP Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
15.1%
CVE-2023-5150 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
22.8%
CVE-2023-5149 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
21.0%
CVE-2023-5148 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
30.7%
CVE-2023-5147 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
26.6%
CVE-2023-5146 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
32.9%
CVE-2023-5145 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
34.3%
CVE-2023-5144 HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
6.0%
CVE-2023-40183 MEDIUM POC PATCH This Month

DataEase is an open source data visualization and analysis tool. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Dataease
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-42335 HIGH POC This Week

Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Crew Dispatch
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-42331 HIGH POC This Week

A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Elite Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-43497 Maven HIGH PATCH This Week

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins File Upload
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-43478 CRITICAL POC THREAT Act Now

fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Arcadyan Lh1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
17.4%
CVE-2023-41902 HIGH This Week

An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Macupdater
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43619 Go HIGH POC PATCH This Week

An issue was discovered in Croc through 9.6.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Croc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-38887 PHP HIGH POC PATCH This Week

File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload RCE Dolibarr Erp Crm
NVD VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-36319 HIGH POC This Week

File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Openupload
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-5034 CRITICAL Act Now

A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP My Food Recipe
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-41626 PyPI MEDIUM This Month

Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Gradio
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-4988 CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Laiketui
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-42362 MEDIUM This Month

An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Teller
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-42180 HIGH POC This Week

An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Lenosp
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-30962 MEDIUM This Month

The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Gotham Cerberus
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-40784 CRITICAL Act Now

DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Dedecms
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-40731 HIGH This Week

A vulnerability has been identified in QMS Automotive (All versions < V12.39). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Qms Automotive
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-42472 HIGH This Week

Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2023-41564 PHP MEDIUM This Month

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Cockpit
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-41009 CRITICAL POC Act Now

File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Bolo Solo
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-3375 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Command Injection
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2023-41108 HIGH POC This Week

TEF portal 2023-07-17 is vulnerable to authenticated remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Tef Portal
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-4739 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Byzoro Smart S85F Management Platform up to 20230820. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S85F Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-40980 CRITICAL POC Act Now

File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE File Upload Dwsurvey
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-41638 HIGH POC This Week

An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Realgimm
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-41637 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Realgimm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Basercms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

BigBlueButton is an open-source virtual classroom. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Bigbluebutton
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in code-projects Admission Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Admission Management System
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Sugarcrm
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability has been found in flusity CMS and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Flusity
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in CodeAstro POS System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pos System
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in CodeAstro POS System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pos System
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP File Manager App
NVD GitHub VulDB
EPSS 1% CVSS 7.8
HIGH POC This Week

File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Zzzcms
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Ritecms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal File Upload Idweb
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE File Upload Web Companion
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

The Simple:Press - WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +2
NVD WPScan VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Supercheckout
NVD
EPSS 0% CVSS 8.8
HIGH This Week

HCL Compass is vulnerable to lack of file upload security. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Hcl Compass
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Best Courier Management System
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the file upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Esst Monitoring
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mailhunter Ultimate
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Drag And Drop Multiple File Uploader
NVD WPScan
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS +1
NVD WPScan
EPSS 0% CVSS 7.2
HIGH PATCH This Week

IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM Security Verify Governance
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Koha Library Software
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Concrete Cms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Unify Openscape Common Management
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Simple And Nice Shopping Cart Script
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Pigcms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Dcfw 1800 Sdc Firmware
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Personal Management System
NVD GitHub
EPSS 19% CVSS 9.8
CRITICAL POC THREAT Act Now

An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Et 7060 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The file upload functionality is not implemented correctly and allows uploading of any type of file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Qsige
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mojoportal
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mojoportal
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Phpmyfaq
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Engineers Online Portal
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Engineers Online Portal
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Rapidcms
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Cms Made Simple
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Wbce Cms
NVD GitHub
EPSS 28% CVSS 8.8
HIGH POC THREAT This Week

A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Welcart E Commerce
NVD
EPSS 1% CVSS 7.2
HIGH This Week

SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Siberiancms
NVD
EPSS 15% CVSS 8.8
HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload D-Link PHP +1
NVD GitHub VulDB
EPSS 23% CVSS 8.8
HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP +2
NVD GitHub VulDB
EPSS 21% CVSS 8.8
HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP +1
NVD GitHub VulDB
EPSS 31% CVSS 8.8
HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP +2
NVD GitHub VulDB
EPSS 27% CVSS 8.8
HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP +1
NVD GitHub VulDB
EPSS 33% CVSS 8.8
HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP +2
NVD GitHub VulDB
EPSS 34% CVSS 8.8
HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload D-Link PHP +2
NVD GitHub VulDB
EPSS 6% CVSS 8.8
HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP +2
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

DataEase is an open source data visualization and analysis tool. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Dataease
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Crew +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins File Upload
NVD
EPSS 17% CVSS 9.8
CRITICAL POC THREAT Act Now

fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Arcadyan Lh1000 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Macupdater
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in Croc through 9.6.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Croc
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload RCE Dolibarr Erp Crm
NVD VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP My Food Recipe
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Gradio
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Laiketui
NVD VulDB
EPSS 1% CVSS 5.4
MEDIUM This Month

An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Teller
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Lenosp
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Gotham Cerberus
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Dedecms
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability has been identified in QMS Automotive (All versions < V12.39). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Qms Automotive
NVD
EPSS 1% CVSS 7.3
HIGH This Week

Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Information Disclosure +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Cockpit
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Bolo Solo
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Command Injection
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

TEF portal 2023-07-17 is vulnerable to authenticated remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Tef Portal
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Byzoro Smart S85F Management Platform up to 20230820. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S85F Firmware
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Realgimm
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Realgimm
NVD GitHub
Prev Page 26 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy