Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2023-1970 PHP HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Tpadmin
NVD VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-29375 CRITICAL Act Now

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft Sitefinity
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1406 HIGH POC This Week

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload WordPress Jetengine For Elementor
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-27602 Maven CRITICAL PATCH Act Now

In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache File Upload Linkis
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-27033 CRITICAL POC Act Now

Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cdesigner
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1942 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24720 CRITICAL POC Act Now

An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Readium Js
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-0670 HIGH This Week

Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Ulearn
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-20073 CRITICAL POC THREAT Act Now

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cisco Rv340 Firmware Rv340W Firmware Rv345 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
88.9%
CVE-2023-26857 HIGH POC This Week

An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Dynamic Transaction Queuing System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-0265 PHP HIGH POC This Week

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Community Skeleton
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-26775 HIGH This Week

File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload PHP Monitorr
NVD GitHub
CVSS 3.1
7.8
EPSS
49.4%
CVE-2023-1826 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Computer And Laptop Store
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
4.4%
CVE-2023-1728 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.04.03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Command Injection Learning Management Systems
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-1800 Go CRITICAL POC PATCH Act Now

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Go Fastdfs
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.5%
CVE-2023-1797 CRITICAL POC Act Now

A vulnerability classified as critical was found in OTCMS 6.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Otcms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26830 HIGH POC This Week

An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Centrestack
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-1746 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dreamer Cms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1744 HIGH POC This Week

A vulnerability classified as critical was found in IBOS 4.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ibos
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1739 CRITICAL Act Now

A vulnerability was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple And Beautiful Shopping Cart System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1734 CRITICAL Act Now

A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Young Entrepreneur E Negosyo System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-28731 CRITICAL POC Act Now

AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Microsoft Acymailing
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-26968 CRITICAL POC Act Now

In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Atrocore
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-28158 Maven MEDIUM PATCH This Month

Privilege escalation via stored XSS using the file upload service to upload malicious content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation File Upload XSS Archiva
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2023-1684 CRITICAL POC Act Now

A vulnerability was found in HadSky 7.7.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Hadsky
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27246 HIGH This Week

An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Mk Auth
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28652 MEDIUM This Month

An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ey As525F001 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25828 HIGH PATCH This Week

Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload PHP Pluck
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-25909 CRITICAL Act Now

HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Oaklouds Portal
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-28435 MEDIUM POC This Month

Dataease is an open source data visualization and analysis tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dataease
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-25655 PHP CRITICAL PATCH Act Now

baserCMS is a Content Management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Basercms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-25654 PHP CRITICAL PATCH Act Now

baserCMS is a Content Management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Basercms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-23707 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document - Embed PDF,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Embed Any Document
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1561 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple Online Hotel Reservation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1559 HIGH POC This Week

A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Storage Unit Rental Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-1558 CRITICAL Act Now

A vulnerability classified as critical has been found in Simple and Beautiful Shopping Cart System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple And Beautiful Shopping Cart System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28725 CRITICAL POC THREAT Act Now

General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java File Upload Crypto Application Server
NVD
CVSS 3.1
9.1
EPSS
20.6%
CVE-2023-1501 HIGH POC This Week

A vulnerability, which was classified as critical, was found in RockOA 2.3.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Rockoa
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1497 CRITICAL Act Now

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple And Nice Shopping Cart Script
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1484 CRITICAL POC Act Now

A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Xzjie Cms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1479 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Simple Music Player 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Simple Music Player
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1442 HIGH POC This Week

A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Qykcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-1433 HIGH POC This Week

A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Gadget Works Online Ordering System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-28337 HIGH This Week

When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear File Upload Rax30 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-1415 HIGH POC This Week

A vulnerability was found in Simple Art Gallery 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Simple Art Gallery
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-27235 HIGH POC This Week

An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Jizhicms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-27757 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Perfreeblog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26262 HIGH POC This Week

An issue was discovered in Sitecore XP/XM 10.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Experience Manager Experience Platform
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-1392 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Online Pizza Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1391 CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Online Tours Travels Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-0477 HIGH POC This Week

The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP Auto Featured Image
NVD WPScan
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-23328 HIGH POC This Week

A File Upload vulnerability exists in AvantFAX 3.3.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Avantfax
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-1328 HIGH POC This Week

A vulnerability was found in Guizhou 115cms 4.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload 115Cms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-27164 MEDIUM POC This Month

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Halo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-1313 PHP HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Cockpit
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1303 CRITICAL Act Now

A vulnerability was found in UCMS 1.6 and classified as critical.php of the component System File Management Module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Ucms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24282 MEDIUM POC This Month

An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE File Upload Trio 8800 Firmware
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22890 HIGH This Week

SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Denial Of Service Zephyr Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-4330 HIGH PATCH This Week

The Envato Elements & Download and Template Kit - Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE Envato Elements Template Kit Import
NVD VulDB
CVSS 3.1
8.8
EPSS
9.1%
CVE-2023-26949 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Onekeyadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24734 CRITICAL POC THREAT Act Now

An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free File Upload RCE Memory Corruption PHP +1
NVD GitHub
CVSS 3.1
9.8
EPSS
20.7%
CVE-2023-1185 HIGH This Week

A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ecshop
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-1184 HIGH This Week

A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Ecshop
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25402 HIGH POC This Week

CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Yf Exam
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20104 MEDIUM This Month

A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS File Upload Webex Teams
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1112 CRITICAL POC Act Now

A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP File Upload Drag And Drop Multiple File Upload Contact Form 7
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.0%
CVE-2023-24045 MEDIUM POC This Month

In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Data Science Studio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-24249 PHP HIGH POC This Week

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Laravel Admin
NVD GitHub
CVSS 3.1
7.2
EPSS
2.4%
CVE-2023-26762 HIGH POC This Week

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Erp
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-33224 CRITICAL Act Now

File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Umbraco Forms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-24317 HIGH This Week

Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Judging Management System
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-0943 HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0.php?page=site_settings of the component Image Handler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Best Pos Management System
NVD VulDB Exploit-DB
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-24998 Maven HIGH PATCH This Week

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache File Upload Denial Of Service Commons Fileupload Debian Linux
NVD
CVSS 3.1
7.5
EPSS
46.8%
CVE-2023-0918 CRITICAL Act Now

A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Pharmacy Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-24530 CRITICAL Act Now

SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-23851 MEDIUM This Month

SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Planning And Consolidation
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-24646 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-0255 HIGH POC This Week

The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP Enable Media Replace
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-0783 CRITICAL POC Act Now

A vulnerability was found in EcShop 4.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Ecshop
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24202 CRITICAL POC Act Now

Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Raffle Draw System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-23937 PHP MEDIUM PATCH This Month

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0651 MEDIUM This Month

A vulnerability was found in FastCMS 0.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Fastcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2023-23135 HIGH POC This Week

An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Ftdms
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-24610 HIGH This Week

NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload PHP Nosh Chartingsystem
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-0587 CRITICAL Act Now

A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Trend Micro Apex One
NVD
CVSS 3.1
9.1
EPSS
59.6%
CVE-2022-47769 CRITICAL POC Act Now

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Fast Checkin
NVD VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-0455 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bumsys
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
5.7%
CVE-2023-23314 HIGH POC This Week

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal File Upload Zdir
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-22726 Go HIGH POC PATCH This Week

act is a project which allows for local running of github actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal File Upload Privilege Escalation Act
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-23607 CRITICAL POC PATCH Act Now

erohtar/Dasherr is a dashboard for self-hosted services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload PHP Dasherr
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
EPSS 1% CVSS 7.2
HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Tpadmin
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft Sitefinity
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload WordPress +1
NVD WPScan
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache File Upload Linkis
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cdesigner
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Online Computer And Laptop Store
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Readium Js
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Ulearn
NVD
EPSS 89% CVSS 9.8
CRITICAL POC THREAT Act Now

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cisco Rv340 Firmware +3
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Community Skeleton
NVD GitHub
EPSS 49% CVSS 7.8
HIGH This Week

File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Computer And Laptop Store
NVD VulDB Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.04.03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Command Injection Learning Management Systems
NVD VulDB
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Go Fastdfs
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as critical was found in OTCMS 6.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Otcms
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Centrestack
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dreamer Cms
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical was found in IBOS 4.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ibos
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple And Beautiful Shopping Cart System
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Young Entrepreneur E Negosyo System
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Atrocore
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Privilege escalation via stored XSS using the file upload service to upload malicious content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation File Upload XSS +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in HadSky 7.7.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Hadsky
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Mk Auth
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ey As525F001 Firmware
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload PHP +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Oaklouds Portal
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Dataease is an open source data visualization and analysis tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dataease
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

baserCMS is a Content Management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Basercms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

baserCMS is a Content Management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Basercms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document - Embed PDF,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Embed Any Document
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple Online Hotel Reservation System
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Storage Unit Rental Management System
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability classified as critical has been found in Simple and Beautiful Shopping Cart System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple And Beautiful Shopping Cart System
NVD GitHub VulDB
EPSS 21% CVSS 9.1
CRITICAL POC THREAT Act Now

General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java File Upload Crypto Application Server
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, was found in RockOA 2.3.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Rockoa
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple And Nice Shopping Cart Script
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Xzjie Cms
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Simple Music Player 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Simple Music Player
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Qykcms
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Gadget Works Online Ordering System
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear File Upload Rax30 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Simple Art Gallery 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Simple Art Gallery
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Perfreeblog
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

An issue was discovered in Sitecore XP/XM 10.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Experience Manager +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Online Pizza Ordering System
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Online Tours Travels Management System
NVD VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP +1
NVD WPScan
EPSS 1% CVSS 8.8
HIGH POC This Week

A File Upload vulnerability exists in AvantFAX 3.3.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Avantfax
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in Guizhou 115cms 4.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload 115Cms
NVD GitHub VulDB
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Halo
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Cockpit
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in UCMS 1.6 and classified as critical.php of the component System File Management Module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Ucms
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE File Upload +1
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Denial Of Service Zephyr Enterprise
NVD
EPSS 9% CVSS 8.8
HIGH PATCH This Week

The Envato Elements & Download and Template Kit - Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE +2
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 21% CVSS 9.8
CRITICAL POC THREAT Act Now

An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free File Upload RCE +3
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ecshop
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Ecshop
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Yf Exam
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS File Upload +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP +2
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Data Science Studio
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Erp
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Umbraco Forms
NVD VulDB
EPSS 2% CVSS 8.1
HIGH This Week

Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Judging Management System
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0.php?page=site_settings of the component Image Handler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Best Pos Management System
NVD VulDB Exploit-DB
EPSS 47% CVSS 7.5
HIGH PATCH This Week

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache File Upload Denial Of Service +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Pharmacy Management System
NVD VulDB
EPSS 1% CVSS 9.1
CRITICAL Act Now

SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Businessobjects Business Intelligence Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Planning And Consolidation
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP +1
NVD WPScan
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in EcShop 4.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Ecshop
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Raffle Draw System
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Pimcore
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in FastCMS 0.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Fastcms
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Ftdms
NVD
EPSS 2% CVSS 8.8
HIGH This Week

NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 60% CVSS 9.1
CRITICAL Act Now

A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Trend Micro Apex One
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Fast Checkin
NVD VulDB
EPSS 6% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bumsys
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

act is a project which allows for local running of github actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal File Upload Privilege Escalation +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

erohtar/Dasherr is a dashboard for self-hosted services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload PHP +1
NVD GitHub
Prev Page 29 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy