Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2023-34660 Maven MEDIUM POC This Month

jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jeecg Boot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-34845 MEDIUM POC This Month

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bludit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-32753 CRITICAL Act Now

OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-32752 CRITICAL Act Now

L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Instantqos Instantscan
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-34833 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Thinkadmin
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-27634 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload CSRF Intrepidity
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-3274 HIGH POC This Week

A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Supplier Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-34747 CRITICAL POC THREAT Act Now

File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ujcms
NVD GitHub
CVSS 3.1
9.8
EPSS
20.0%
CVE-2023-34944 CRITICAL PATCH Act Now

An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-31541 CRITICAL POC Act Now

A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ckeditor
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-3049 CRITICAL POC Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-33253 HIGH POC This Week

LabCollector 6.0 though 6.15 allows remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Labcollector
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-3187 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Teachers Record Management System
NVD GitHub VulDB Exploit-DB
CVSS 3.1
5.4
EPSS
2.6%
CVE-2023-2767 MEDIUM PATCH This Month

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

File Upload WordPress XSS Wordpress File Upload Wordpress File Upload Pro
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-2688 MEDIUM PATCH This Month

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

WordPress File Upload Path Traversal Wordpress File Upload Wordpress File Upload Pro
NVD VulDB
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-27881 CRITICAL Act Now

A user could use the “Upload Resource” functionality to upload files to any location on the disk. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Vuforia Studio
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-33498 Go HIGH This Week

alist <=3.16.3 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Alist
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-36705 CRITICAL POC THREAT Emergency

The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.5%.

WordPress File Upload RCE Adning Advertising
NVD WPScan VulDB
CVSS 3.1
9.8
EPSS
89.5%
Threat
6.1
CVE-2023-33601 HIGH POC This Week

An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Phpok
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-4949 HIGH POC PATCH This Week

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE WordPress File Upload Adsanity Xen
NVD VulDB
CVSS 3.1
8.8
EPSS
8.6%
CVE-2021-4382 HIGH Act Now

The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.6% and no vendor patch available.

RCE WordPress File Upload Recently
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
10.6%
CVE-2021-4354 HIGH POC This Week

The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload RCE Pwa For Wp Amp
NVD VulDB
CVSS 3.1
8.8
EPSS
7.8%
CVE-2020-36701 HIGH POC PATCH This Week

The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress PHP File Upload Page Builder King Composer
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-25138 CRITICAL POC Act Now

The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload RCE User Submitted Posts
NVD VulDB
CVSS 3.1
9.8
EPSS
5.5%
CVE-2016-15033 CRITICAL POC Act Now

The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE WordPress File Upload Delete All Comments
NVD VulDB
CVSS 3.1
9.8
EPSS
5.5%
CVE-2023-33569 HIGH POC This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Faculty Evaluation System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-32628 CRITICAL Act Now

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Webaccess Scada
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-22450 HIGH This Week

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Webaccess Scada
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-29631 CRITICAL Act Now

PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Jms Slider
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-33386 CRITICAL POC Act Now

MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Marsctf
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3061 CRITICAL POC Act Now

A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical.php of the component Attachment Image Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Agro School Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-3032 HIGH POC This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server.7.22. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mobatime Web Application
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28700 MEDIUM This Month

OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-28699 HIGH This Week

Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Fantasy
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2063 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Information Disclosure Fx5 Enet Ip Firmware Sw1Dnn Eipct Bd Firmware Rj71Eip91 Firmware +1
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2023-33508 CRITICAL POC Act Now

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Via Go2 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-28353 HIGH POC This Week

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Microsoft Insight
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-32689 npm MEDIUM PATCH This Month

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Node.js File Upload Parse Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2924 CRITICAL POC THREAT Act Now

A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simfield Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
24.3%
CVE-2023-22504 MEDIUM This Month

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Atlassian Confluence Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-2888 HIGH POC This Week

A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Phpok
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29721 CRITICAL POC Act Now

SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sofawiki
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-28409 CRITICAL Act Now

Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mw Wp Form
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-27507 CRITICAL Act Now

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload Mailform
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-27397 CRITICAL Act Now

Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mailform
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31689 CRITICAL POC THREAT Act Now

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Wcms
NVD GitHub
CVSS 3.1
9.8
EPSS
20.2%
CVE-2023-2712 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Command Injection Rental Module
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-30333 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE File Upload Perfreeblog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2776 CRITICAL Act Now

A vulnerability was found in code-projects Simple Photo Gallery 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Simple Photo Gallery
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-31903 CRITICAL POC Act Now

GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Guppy
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-31857 CRITICAL POC Act Now

Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Computer And Laptop Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-2738 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Tongda OA 11.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31576 HIGH POC This Week

An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Serendipity
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-30247 CRITICAL POC Act Now

File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Storage Unit Rental Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-29657 HIGH POC This Week

eXtplorer 2.1.15 is vulnerable to Insecure Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Extplorer
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-2648 CRITICAL POC THREAT Act Now

A vulnerability was found in Weaver E-Office 9.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Microsoft E Office
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
28.5%
CVE-2023-2647 HIGH POC This Week

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Command Injection Microsoft E Office
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
7.0%
CVE-2023-29930 HIGH This Week

An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Tftp Server
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-28128 HIGH POC THREAT Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Avalanche
NVD GitHub
CVSS 3.1
7.2
EPSS
84.7%
CVE-2023-24507 CRITICAL Act Now

AgilePoint NX v8.0 SU2.2 & SU2.3 - Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Agilepoint Nx
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-30185 CRITICAL Act Now

CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Crmeb
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-30090 CRITICAL Act Now

Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload PHP Semcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30122 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-30264 CRITICAL Act Now

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Cltphp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2523 CRITICAL POC THREAT Act Now

A vulnerability was found in Weaver E-Office 9.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Microsoft E Office
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
32.9%
CVE-2023-0924 HIGH POC This Week

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Popup
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-29635 CRITICAL PATCH Act Now

File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Antabot White Jotter
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2424 HIGH POC This Week

A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Dedecms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2420 CRITICAL POC Act Now

A vulnerability was found in MLECMS 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP SQLi Mlecms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2419 HIGH POC This Week

A vulnerability was found in Zhong Bang CRMEB 4.6.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Crmeb
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-24269 HIGH POC This Week

An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Textpattern
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29268 CRITICAL Act Now

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Spotfire Statistics Services
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-30266 HIGH This Week

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cltphp
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-26098 HIGH This Week

An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE File Upload Apsal
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30613 PyPI CRITICAL POC PATCH Act Now

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Kiwi Tcms
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
CVE-2023-1731 HIGH This Week

In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Lantime Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-25132 CRITICAL Act Now

Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Apple Microsoft Powerpanel
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2246 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Pizza Ordering System
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-2245 MEDIUM POC This Month

A vulnerability was found in hansunCMS 1.4.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Hansuncms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.3%
CVE-2023-25551 MEDIUM This Month

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload XSS Struxureware Data Center Expert
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27755 HIGH POC This Week

go-bbs v1 was discovered to contain an arbitrary file download vulnerability via the component /api/v1/download. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Go Bbs
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1282 MEDIUM POC This Month

The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS Drag And Drop Multiple File Upload Contact Form 7
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2036 HIGH POC This Week

A vulnerability was found in Campcodes Video Sharing Website 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP SQLi Campcodes Video Sharing Website
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-29627 HIGH POC This Week

Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Online Pizza Ordering
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-29625 HIGH POC This Week

Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Employee Performance Evaluation System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-29621 HIGH POC This Week

Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Purchase Order Management
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-2034 PHP HIGH POC PATCH THREAT This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Froxlor
NVD GitHub
CVSS 3.1
8.8
EPSS
73.2%
CVE-2023-26852 HIGH POC This Week

An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Textpattern
NVD GitHub
CVSS 3.1
7.2
EPSS
2.0%
CVE-2023-27179 HIGH POC THREAT This Week

GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Gdidees Cms
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
60.8%
CVE-2023-27178 CRITICAL Act Now

An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Gdidees Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
EPSS 1% CVSS 6.5
MEDIUM POC This Month

jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jeecg Boot
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bludit
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Instantqos Instantscan
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload CSRF Intrepidity
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Supplier Management System
NVD GitHub VulDB
EPSS 20% CVSS 9.8
CRITICAL POC THREAT Act Now

File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ujcms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ckeditor
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Command Injection
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

LabCollector 6.0 though 6.15 allows remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 3% CVSS 5.4
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Teachers Record Management System
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

File Upload WordPress XSS +2
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

WordPress File Upload Path Traversal +2
NVD VulDB
EPSS 1% CVSS 9.9
CRITICAL Act Now

A user could use the “Upload Resource” functionality to upload files to any location on the disk. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Vuforia Studio
NVD
EPSS 1% CVSS 8.8
HIGH This Week

alist <=3.16.3 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Alist
NVD GitHub
EPSS 90% 6.1 CVSS 9.8
CRITICAL POC THREAT Emergency

The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.5%.

WordPress File Upload RCE +1
NVD WPScan VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD
EPSS 9% CVSS 8.8
HIGH POC PATCH This Week

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE WordPress File Upload +2
NVD VulDB
EPSS 11% CVSS 8.8
HIGH Act Now

The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.6% and no vendor patch available.

RCE WordPress File Upload +1
NVD WPScan VulDB
EPSS 8% CVSS 8.8
HIGH POC This Week

The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload RCE +1
NVD VulDB
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress PHP File Upload +1
NVD VulDB
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload RCE +1
NVD VulDB
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE WordPress +2
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Webaccess Scada
NVD
EPSS 1% CVSS 7.2
HIGH This Week

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Webaccess Scada
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Jms Slider
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Marsctf
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical.php of the component Attachment Image Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Agro School Management System
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server.7.22. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mobatime Web Application
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Fantasy
NVD
EPSS 1% CVSS 7.3
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Information Disclosure Fx5 Enet Ip Firmware +3
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Via Go2 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Microsoft +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Node.js File Upload Parse Server
NVD GitHub
EPSS 24% CVSS 9.8
CRITICAL POC THREAT Act Now

A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simfield Firmware
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Atlassian Confluence Server
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Phpok
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sofawiki
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mw Wp Form
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload Mailform
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mailform
NVD
EPSS 20% CVSS 9.8
CRITICAL POC THREAT Act Now

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Wcms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Command Injection Rental Module
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in code-projects Simple Photo Gallery 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Simple Photo Gallery
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as critical has been found in Tongda OA 11.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Tongda Office Anywhere
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Serendipity
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Storage Unit Rental Management System
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

eXtplorer 2.1.15 is vulnerable to Insecure Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD
EPSS 28% CVSS 9.8
CRITICAL POC THREAT Act Now

A vulnerability was found in Weaver E-Office 9.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Microsoft +1
NVD GitHub VulDB
EPSS 7% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Command Injection +2
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH This Week

An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Tftp Server
NVD GitHub
EPSS 85% CVSS 7.2
HIGH POC THREAT Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Avalanche
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

AgilePoint NX v8.0 SU2.2 & SU2.3 - Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Agilepoint Nx
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Crmeb
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Cltphp
NVD GitHub
EPSS 33% CVSS 9.8
CRITICAL POC THREAT Act Now

A vulnerability was found in Weaver E-Office 9.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Microsoft +1
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Popup
NVD WPScan
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Antabot White Jotter
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Dedecms
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in MLECMS 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP SQLi +1
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in Zhong Bang CRMEB 4.6.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Crmeb
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Textpattern
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Spotfire Statistics Services
NVD
EPSS 1% CVSS 8.8
HIGH This Week

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cltphp
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE File Upload Apsal
NVD
EPSS 1% CVSS 9.0
CRITICAL POC PATCH Act Now

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Kiwi Tcms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Lantime Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Apple Microsoft +1
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Pizza Ordering System
NVD VulDB Exploit-DB
EPSS 1% CVSS 6.3
MEDIUM POC This Month

A vulnerability was found in hansunCMS 1.4.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Hansuncms
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload XSS Struxureware Data Center Expert
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

go-bbs v1 was discovered to contain an arbitrary file download vulnerability via the component /api/v1/download. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Go Bbs
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS +1
NVD WPScan
EPSS 1% CVSS 7.5
HIGH POC This Week

A vulnerability was found in Campcodes Video Sharing Website 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP SQLi +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Online Pizza Ordering
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Employee Performance Evaluation System
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Purchase Order Management
NVD GitHub
EPSS 73% CVSS 8.8
HIGH POC PATCH THREAT This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Froxlor
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 61% CVSS 7.5
HIGH POC THREAT This Week

GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Gdidees Cms
NVD GitHub Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Gdidees Cms
NVD GitHub
Prev Page 28 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy