Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2023-4596 CRITICAL POC PATCH THREAT Act Now

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.1%.

WordPress File Upload RCE Forminator
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
92.1%
Threat
6.2
CVE-2023-40825 HIGH POC This Week

An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Perfreeblog
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-38029 CRITICAL Act Now

Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Adm 100 Firmware Adm 100Fp Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-4559 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Laiketui
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-32757 CRITICAL Act Now

e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft U Office Force
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-24517 HIGH POC This Week

Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pandora Fms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-38836 HIGH POC THREAT Act Now

File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.0%.

File Upload RCE Boidcms
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
73.0%
Threat
5.5
CVE-2023-4409 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Nbs Happysoftwechat
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-39970 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Acymailing Starter
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31946 HIGH POC This Week

File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-31941 HIGH POC This Week

File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the employee_insert.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-39115 CRITICAL POC Act Now

install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Complete Online Matrimonial Website System Script
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
4.6%
CVE-2023-38915 CRITICAL POC Act Now

File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Easyadmin8
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28482 MEDIUM POC This Month

An issue was discovered in Tigergraph Enterprise 3.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Tigergraph
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-28480 MEDIUM POC This Month

An issue was discovered in Tigergraph Enterprise 3.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Tigergraph
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-32564 CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
CVSS 3.1
9.8
EPSS
37.4%
CVE-2023-32562 CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
CVSS 3.1
9.8
EPSS
38.4%
CVE-2023-39776 CRITICAL Act Now

A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Ticket Support Script
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-4243 HIGH This Week

The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress File Upload Full Customer
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-4186 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Pharmacy Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pharmacy Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-37581 MEDIUM This Month

Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache File Upload XSS Roller
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-39346 CRITICAL PATCH Act Now

LinuxASMCallGraph is software for drawing the call graph of the programming code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Linuxasmcallgraph
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-4159 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Omeka S
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-38947 HIGH POC This Week

An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Wbce Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-36299 HIGH POC PATCH This Week

A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Typecho
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-36298 HIGH POC This Week

DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-4121 CRITICAL POC Act Now

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230722. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Smart S85F
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-36212 HIGH POC THREAT This Week

File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Total Cms
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
23.7%
CVE-2023-38330 MEDIUM This Month

OXID eShop Enterprise Edition 6.5.0 - 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Eshop
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-31428 MEDIUM This Month

Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

File Upload Brocade Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-39147 HIGH POC This Week

An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Uvdesk
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-33493 CRITICAL Act Now

An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Ajaxmanager
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-38306 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload XSS Webmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-32225 HIGH This Week

Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Sysaid On Premises
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-37692 PHP MEDIUM POC This Month

An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload XSS October
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37677 CRITICAL POC Act Now

Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Pligg Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-34798 CRITICAL Act Now

An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload E Office
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3486 HIGH This Week

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Papercut Mf Papercut Ng
NVD
CVSS 3.1
7.5
EPSS
75.8%
CVE-2023-32637 CRITICAL Act Now

GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Gbrowse
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3852 HIGH POC PATCH THREAT This Week

A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload PHP Rapidcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
23.2%
CVE-2023-3836 CRITICAL POC THREAT Act Now

A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dahua File Upload Smart Parking Management
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
73.5%
CVE-2023-3815 Maven MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Ruoyi
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3806 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP House Rental And Property Listing Php
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-3804 CRITICAL POC Act Now

A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flash Flood Disaster Monitoring And Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3802 CRITICAL POC Act Now

A vulnerability was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flash Flood Disaster Monitoring And Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-3800 MEDIUM This Month

A vulnerability was found in EasyAdmin8 2.0.2.2. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

File Upload Easyadmin8
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.6%
CVE-2023-3798 CRITICAL POC Act Now

A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flash Flood Disaster Monitoring And Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-3797 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Four Mountain Torrent Disaster Prevention Control Monitoring And Early Warning System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3796 HIGH This Week

A vulnerability, which was classified as problematic, has been found in Bug Finder Foody Friend 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Foody Friend
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-37602 Maven MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload XSS Opencms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-37289 CRITICAL Act Now

It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Document On Line Submission And Approval System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3722 CRITICAL POC Act Now

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file.1.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Command Injection Aura Device Services
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-37733 MEDIUM POC This Month

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE File Upload Tduck Platform
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-35189 CRITICAL Act Now

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Scrutisweb
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-38404 HIGH This Week

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Infoscale Operations Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3692 PHP HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Admidio
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-30791 MEDIUM POC This Month

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Plane
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2023-37839 CRITICAL POC Act Now

An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Dedecms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3342 CRITICAL POC PATCH Act Now

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE WordPress File Upload User Registration
NVD VulDB
CVSS 3.1
9.9
EPSS
6.4%
CVE-2023-34136 CRITICAL Act Now

Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker.3.2-SP1 and earlier versions; Analytics:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Sonicwall Analytics Global Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-34126 HIGH This Week

Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Sonicwall Analytics Global Management System
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-37629 CRITICAL POC THREAT Act Now

Online Piggery Management System 1.0 is vulnerable to File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Simple Online Piggery Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
23.3%
CVE-2023-3626 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706.ashx of the component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mountain Flood Disaster Prevention Monitoring And Early Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3625 CRITICAL POC Act Now

A vulnerability classified as critical was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mountain Flood Disaster Prevention Monitoring And Early Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3623 CRITICAL POC Act Now

A vulnerability was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230704. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mountain Flood Disaster Prevention Monitoring And Early Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-37658 MEDIUM POC This Month

fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Fast Poster
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37656 CRITICAL POC Act Now

WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Websiteguide
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-37152 CRITICAL POC Act Now

Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Art Gallery
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-34193 HIGH This Week

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Collaboration
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-36970 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Cms Made Simple
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-36969 HIGH POC THREAT Act Now

CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cms Made Simple
NVD
CVSS 3.1
8.8
EPSS
49.3%
CVE-2023-36809 PyPI MEDIUM POC PATCH This Month

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Mozilla XSS Nginx File Upload Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-37208 HIGH This Week

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3504 CRITICAL Act Now

A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Smartweb Infotech Job Board
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-3503 HIGH POC This Week

A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Shopping Website
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-21640 HIGH This Week

Memory corruption in Linux when the file upload API is called with parameters having large buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow File Upload Fastconnect 6900 Firmware Fastconnect 7800 Firmware Snapdragon 8 Gen 1 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-3491 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Fossbilling
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-32621 HIGH PATCH This Week

WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Wl Wn531Ax2 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-34738 CRITICAL POC Act Now

Chemex through 3.7.1 is vulnerable to arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Chemex
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-34736 HIGH POC This Week

Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Guantang Equipment Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-32526 MEDIUM PATCH This Month

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Trend Micro Mobile Security
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-32525 MEDIUM PATCH This Month

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Trend Micro Mobile Security
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-33404 CRITICAL POC THREAT Act Now

An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Blogengine Net
NVD GitHub
CVSS 3.1
9.8
EPSS
25.8%
CVE-2023-36630 HIGH POC This Week

In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation File Upload Authentication Bypass Cloudpanel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1721 HIGH POC This Week

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Yoga Class Registration System
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-27083 HIGH This Week

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload PHP Pluck
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-36097 PHP CRITICAL POC Act Now

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Funadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2359 HIGH POC This Week

The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Code Injection WordPress Slider Revolution
NVD WPScan
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-35808 HIGH This Week

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-3295 HIGH This Week

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload WordPress Unlimited Elements For Elementor
NVD
CVSS 3.1
8.8
EPSS
1.3%
EPSS 92% 6.2 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.1%.

WordPress File Upload RCE +1
NVD Exploit-DB VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Perfreeblog
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Adm 100 Firmware Adm 100Fp Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Laiketui
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft U Office Force
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pandora Fms
NVD GitHub
EPSS 73% 5.5 CVSS 8.8
HIGH POC THREAT Act Now

File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.0%.

File Upload RCE Boidcms
NVD GitHub Exploit-DB VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Nbs Happysoftwechat
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Acymailing Starter
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the employee_insert.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Complete Online Matrimonial Website System Script
NVD GitHub Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Easyadmin8
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in Tigergraph Enterprise 3.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Tigergraph
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in Tigergraph Enterprise 3.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Tigergraph
NVD
EPSS 37% CVSS 9.8
CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
EPSS 38% CVSS 9.8
CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Ticket Support Script
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress File Upload +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in SourceCodester Pharmacy Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pharmacy Management System
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM This Month

Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache File Upload XSS +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

LinuxASMCallGraph is software for drawing the call graph of the programming code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Linuxasmcallgraph
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Omeka S
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Dedecms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230722. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Smart S85F
NVD GitHub VulDB
EPSS 24% CVSS 8.8
HIGH POC THREAT This Week

File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.3
MEDIUM This Month

OXID eShop Enterprise Edition 6.5.0 - 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Eshop
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

File Upload Brocade Fabric Operating System
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Uvdesk
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL Act Now

An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Ajaxmanager
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload XSS +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Sysaid On Premises
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload XSS +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload E Office
NVD GitHub
EPSS 76% CVSS 7.5
HIGH This Week

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Papercut Mf +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Gbrowse
NVD
EPSS 23% CVSS 7.2
HIGH POC PATCH THREAT This Week

A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload PHP Rapidcms
NVD GitHub VulDB
EPSS 74% CVSS 9.8
CRITICAL POC THREAT Act Now

A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dahua File Upload Smart Parking Management
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Ruoyi
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP House Rental And Property Listing Php
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flash Flood Disaster Monitoring And Warning System
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flash Flood Disaster Monitoring And Warning System
NVD GitHub VulDB
EPSS 1% CVSS 6.6
MEDIUM This Month

A vulnerability was found in EasyAdmin8 2.0.2.2. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

File Upload Easyadmin8
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flash Flood Disaster Monitoring And Warning System
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, was found in Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Four Mountain Torrent Disaster Prevention Control Monitoring And Early Warning System
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as problematic, has been found in Bug Finder Foody Friend 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Foody Friend
NVD VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload XSS +1
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL Act Now

It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Document On Line Submission And Approval System
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file.1.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Command Injection +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Scrutisweb
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Infoscale Operations Manager
NVD
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Admidio
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC This Month

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Plane
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 6% CVSS 9.9
CRITICAL POC PATCH Act Now

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE WordPress File Upload +1
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker.3.2-SP1 and earlier versions; Analytics:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Sonicwall Analytics +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Sonicwall Analytics +1
NVD
EPSS 23% CVSS 9.8
CRITICAL POC THREAT Act Now

Online Piggery Management System 1.0 is vulnerable to File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Simple Online Piggery Management System
NVD GitHub Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706.ashx of the component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mountain Flood Disaster Prevention Monitoring And Early Warning System
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as critical was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mountain Flood Disaster Prevention Monitoring And Early Warning System
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230704. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mountain Flood Disaster Prevention Monitoring And Early Warning System
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Fast Poster
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Websiteguide
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Art Gallery
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Collaboration
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Cms Made Simple
NVD
EPSS 49% CVSS 8.8
HIGH POC THREAT Act Now

CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cms Made Simple
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Mozilla XSS Nginx +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload Mozilla Firefox +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Smartweb Infotech Job Board
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Shopping Website
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in Linux when the file upload API is called with parameters having large buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow File Upload Fastconnect 6900 Firmware +5
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Fossbilling
NVD GitHub
EPSS 1% CVSS 7.2
HIGH PATCH This Week

WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Wl Wn531Ax2 Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Chemex through 3.7.1 is vulnerable to arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Chemex
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Guantang Equipment Management System
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Trend Micro Mobile Security
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Trend Micro Mobile Security
NVD
EPSS 26% CVSS 9.8
CRITICAL POC THREAT Act Now

An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Blogengine Net
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation File Upload Authentication Bypass +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Yoga Class Registration System
NVD
EPSS 1% CVSS 7.2
HIGH This Week

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload PHP +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Funadmin
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Code Injection +2
NVD WPScan
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Sugarcrm
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload WordPress +1
NVD
Prev Page 27 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy