Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2023-22851 HIGH POC This Week

Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Deserialization Tiki
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-0257 MEDIUM This Month

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Online Food Ordering System
NVD VulDB
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-48194 HIGH POC THREAT This Week

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE TP-Link File Upload Tl Wr902Ac Firmware
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
33.5%
CVE-2022-45427 HIGH PATCH This Week

Some Dahua software products have a vulnerability of unrestricted upload of file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Dahua File Upload Dss Express Dss Professional Dhi Dss7016D S2 Firmware +2
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-4732 PHP HIGH POC PATCH THREAT This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Microweber
NVD GitHub
CVSS 3.1
7.2
EPSS
38.2%
CVE-2022-45896 CRITICAL Act Now

Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Planet Estream
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-4665 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Ampache
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-46493 CRITICAL POC Act Now

Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Nbnbk
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-45415 HIGH This Week

When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Mozilla File Upload Firefox
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-34483 HIGH This Week

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla File Upload Firefox
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-34482 HIGH This Week

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla File Upload Firefox
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-0517 HIGH This Week

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Mozilla File Upload OpenSSL Vpn
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-46102 CRITICAL POC Act Now

AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ayacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-45966 CRITICAL POC Act Now

here is an arbitrary file upload vulnerability in the file management function module of Classcms3.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Classcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-46020 CRITICAL POC THREAT Act Now

WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wbce Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
39.0%
CVE-2022-4061 HIGH POC This Week

The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Jobboardwp
NVD WPScan
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-46135 HIGH POC This Week

In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Aerocms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-45338 HIGH This Week

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Exact Synergy
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32573 HIGH POC This Week

A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Lansweeper
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2022-29517 HIGH POC THREAT This Week

A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Lansweeper
NVD
CVSS 3.1
8.8
EPSS
60.2%
CVE-2022-4506 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Openemr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-41267 HIGH This Week

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-45275 HIGH POC THREAT This Week

An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Dynamic Transaction Queuing System
NVD GitHub
CVSS 3.1
7.2
EPSS
15.3%
CVE-2022-3912 HIGH POC This Week

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload User Registration
NVD WPScan
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-45968 Go HIGH POC PATCH This Week

Alist v3.4.0 is vulnerable to File Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Alist
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-45759 HIGH POC This Week

SENS v1.0 has a file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sens
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-45009 HIGH POC This Week

Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-45359 CRITICAL Act Now

Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload Yith Woocommerce Gift Cards
NVD
CVSS 3.1
9.8
EPSS
13.5%
CVE-2022-45548 HIGH POC This Week

AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ayacms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-44289 PHP HIGH POC This Week

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Thinkphp
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-45912 HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Collaboration
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-45771 HIGH POC This Week

An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Pwndoc
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-4276 CRITICAL POC Act Now

A vulnerability was found in House Rental System and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload House Rental System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-4273 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0.php of the component Content-Type Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Human Resource Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-4272 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in FeMiner wms. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Warehouse Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36431 CRITICAL POC Act Now

An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Trufusion
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-4232 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Event Registration System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-44354 CRITICAL POC Act Now

SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Solarview Compact Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-44635 HIGH This Week

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Apache File Upload Fineract
NVD
CVSS 3.1
8.8
EPSS
68.8%
CVE-2022-38140 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Seo Plugin By Squirrly Seo
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-44401 CRITICAL POC Act Now

Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Tours Travels Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44400 CRITICAL POC Act Now

Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Purchase Order Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45476 CRITICAL POC Act Now

Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Tiny File Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-41705 PHP CRITICAL POC PATCH Act Now

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Badaso
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-45039 HIGH POC This Week

An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wbce Cms
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-2791 HIGH This Week

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Proficy
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-30529 HIGH POC This Week

File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Isic Lk
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-42698 CRITICAL Act Now

Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload Api2Cart Bridge Connector
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40200 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Wpforo Forum
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-43192 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Dedecms
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-44384 HIGH POC Act Now

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Rconfig
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
5.0%
CVE-2022-43234 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Hoosk
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43265 CRITICAL Act Now

An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload Canteen Management System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43146 HIGH This Week

An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload Canteen Management System
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-3944 HIGH POC This Week

A vulnerability was found in jerryhanjj ERP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Erp
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-40981 CRITICAL PATCH Act Now

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Remote Access Server Firmware
NVD
CVSS 3.1
10.0
EPSS
0.5%
CVE-2022-43074 CRITICAL POC Act Now

AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Ayacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39036 CRITICAL Act Now

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Agentflow
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-43277 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40797 CRITICAL POC Act Now

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Roxy Fileman
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-43050 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Tours And Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-44054 CRITICAL Act Now

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Xml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44053 CRITICAL Act Now

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Networking
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44052 CRITICAL Act Now

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Dates
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44051 CRITICAL Act Now

The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Stats
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44050 CRITICAL Act Now

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Networking
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44049 CRITICAL Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44048 CRITICAL Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43306 HIGH This Week

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Timer
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-43305 CRITICAL Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43304 CRITICAL Act Now

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Timer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43303 CRITICAL Act Now

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Strings
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43061 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-3575 CRITICAL Act Now

Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Frauscher Diagnostic System 102
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-43085 HIGH POC This Week

An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Restaurant Pos System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-43083 HIGH POC This Week

An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Vehicle Booking System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-39020 MEDIUM This Month

Multiple instances of XSS (stored and reflected) was found in the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Schoolbox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-42925 HIGH PATCH This Week

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Formalms
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41681 HIGH PATCH This Week

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Formalms
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-40471 CRITICAL POC THREAT Emergency

Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Clinic S Patient Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
19.4%
CVE-2022-3771 PHP CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in easyii CMS.php of the component File Upload Management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Easyiicms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-3770 HIGH POC This Week

A vulnerability classified as critical was found in Yunjing CMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Yunjing Content Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-43283 MEDIUM POC This Month

wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wabt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43231 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-37426 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Opennebula
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-43275 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-33859 CRITICAL Act Now

A security vulnerability was discovered in the Eaton Foreseer EPMS software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Foreseer Electrical Power Monitoring System
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-39978 HIGH POC This Week

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Pet Shop We App
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-39977 HIGH POC This Week

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Pet Shop We App
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-41711 PHP CRITICAL POC PATCH Act Now

Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Badaso
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
EPSS 1% CVSS 7.2
HIGH POC This Week

Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Deserialization +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Online Food Ordering System
NVD VulDB
EPSS 33% CVSS 8.8
HIGH POC THREAT This Week

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE TP-Link +2
NVD GitHub Exploit-DB
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Some Dahua software products have a vulnerability of unrestricted upload of file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Dahua File Upload Dss Express +4
NVD
EPSS 38% CVSS 7.2
HIGH POC PATCH THREAT This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Microweber
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Planet Estream
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Ampache
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Nbnbk
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Mozilla File Upload Firefox
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla File Upload Firefox
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla File Upload Firefox
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Mozilla File Upload +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ayacms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

here is an arbitrary file upload vulnerability in the file management function module of Classcms3.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Classcms
NVD GitHub
EPSS 39% CVSS 9.8
CRITICAL POC THREAT Act Now

WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wbce Cms
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Jobboardwp
NVD WPScan
EPSS 1% CVSS 7.2
HIGH POC This Week

In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Aerocms
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Exact Synergy
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Lansweeper
NVD
EPSS 60% CVSS 8.8
HIGH POC THREAT This Week

A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Lansweeper
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Openemr
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
EPSS 15% CVSS 7.2
HIGH POC THREAT This Week

An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD WPScan
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Alist v3.4.0 is vulnerable to File Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Alist
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

SENS v1.0 has a file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sens
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 14% CVSS 9.8
CRITICAL Act Now

Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload Yith Woocommerce Gift Cards
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ayacms
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Thinkphp
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Collaboration
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Pwndoc
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in House Rental System and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload House Rental System
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0.php of the component Content-Type Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Human Resource Management System
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in FeMiner wms. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Warehouse Management System
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Trufusion
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Event Registration System
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Solarview Compact Firmware
NVD GitHub
EPSS 69% CVSS 8.8
HIGH This Week

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Apache +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Seo Plugin By Squirrly Seo
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Tours Travels Management System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Purchase Order Management System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Tiny File Manager
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Badaso
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Proficy
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Isic Lk
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload Api2Cart Bridge Connector
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Wpforo Forum
NVD
EPSS 0% CVSS 6.7
MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC Act Now

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

A vulnerability was found in jerryhanjj ERP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Erp
NVD GitHub VulDB
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Remote Access Server Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Agentflow
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Frauscher Diagnostic System 102
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Multiple instances of XSS (stored and reflected) was found in the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Schoolbox
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Formalms
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Formalms
NVD
EPSS 19% CVSS 9.8
CRITICAL POC THREAT Emergency

Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in easyii CMS.php of the component File Upload Management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Easyiicms
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical was found in Yunjing CMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Yunjing Content Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wabt
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Opennebula
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

A security vulnerability was discovered in the Eaton Foreseer EPMS software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Foreseer Electrical Power Monitoring System
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Badaso
NVD GitHub
Prev Page 30 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy