Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2022-36452 CRITICAL Act Now

A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Micollab
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-39345 Go HIGH POC PATCH This Week

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal File Upload Gin Vue Admin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-39305 CRITICAL POC Act Now

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gin Vue Admin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-42189 HIGH POC This Week

Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Emlog
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-42201 HIGH POC This Week

Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple Exam Reviewer Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-42198 HIGH POC This Week

In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple Exam Reviewer Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-31366 HIGH POC This Week

An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Eve Ng
NVD VulDB
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-38901 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dxp Liferay Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-41537 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-41504 HIGH POC This Week

An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Billing System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-3552 HIGH POC THREAT This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Boxbilling
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
44.0%
CVE-2022-32176 CRITICAL POC Act Now

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gin Vue Admin
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2022-42029 HIGH This Week

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Chamilo
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-42154 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload 74Cmsse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-3549 HIGH POC This Week

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple Cold Storage Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2022-3282 MEDIUM POC This Month

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress File Upload Drag And Drop Multiple File Upload Contact Form 7
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-32177 CRITICAL POC Act Now

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gin Vue Admin
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2022-41539 HIGH POC This Week

Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wedding Planner
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-41538 HIGH POC This Week

Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wedding Planner
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-41534 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-41533 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-3458 CRITICAL Act Now

A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Human Resource Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-41406 HIGH POC This Week

An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Church Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-40921 HIGH POC This Week

DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Dedecms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40777 HIGH POC This Week

Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Email Marketer
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-42044 PyPI CRITICAL POC Act Now

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Asns
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42043 PyPI CRITICAL POC Act Now

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Xml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42040 PyPI CRITICAL POC Act Now

The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Algorithms
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2022-42039 PyPI CRITICAL POC Act Now

The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Lists
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42038 CRITICAL POC Act Now

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Ip Addresses
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42037 PyPI CRITICAL POC Act Now

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Asns
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42036 PyPI CRITICAL POC Act Now

The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41387 PyPI CRITICAL POC Act Now

The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Pdfs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41386 PyPI CRITICAL POC Act Now

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41385 PyPI CRITICAL POC Act Now

The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Html
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41384 PyPI CRITICAL POC Act Now

The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Domains
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41383 PyPI CRITICAL POC Act Now

The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Archives
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41382 PyPI CRITICAL POC Act Now

The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Json
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41381 PyPI CRITICAL POC Act Now

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41380 PyPI CRITICAL POC Act Now

The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Yaml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42229 HIGH POC This Week

Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wedding Planner
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-42034 HIGH POC This Week

Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wedding Planner
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-3436 HIGH This Week

A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Web Based Student Clearance System
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-41379 HIGH POC This Week

An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-42092 PHP HIGH POC This Week

Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Backdrop Cms
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-41512 HIGH POC This Week

An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40721 CRITICAL POC Act Now

Arbitrary file upload vulnerability in php uploader. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Creativedream File Uploader
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-3125 HIGH POC This Week

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Frontend File Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-40886 HIGH POC This Week

DedeCMS 5.7.98 has a file upload vulnerability in the background. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dedecms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-40341 HIGH POC This Week

mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Mojoportal
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-41437 HIGH POC This Week

Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Billing System Project
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-36066 HIGH PATCH This Week

Discourse is an open source discussion platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Discourse
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2022-40407 HIGH POC This Week

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Chamilo
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-40048 HIGH POC This Week

Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Flatpress
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
2.3%
CVE-2022-40878 HIGH POC THREAT This Week

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Exam Reviewer Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
23.2%
CVE-2022-37346 CRITICAL PATCH Act Now

EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Product Image Bulk Upload
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40050 CRITICAL POC Act Now

ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zfile
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40925 HIGH POC This Week

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoo Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40924 HIGH POC This Week

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoo Management System
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-3076 HIGH POC This Week

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Cm Download Manager
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-35246 MEDIUM POC This Month

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure File Upload Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-40358 MEDIUM POC This Month

An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Ajaxplorer
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40087 CRITICAL POC Act Now

Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Simple College Website
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-40932 HIGH POC This Week

In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoo Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40217 HIGH This Week

Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Wpide
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-36386 HIGH This Week

Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Wp All Import
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-2872 PyPI MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Octoprint
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-38916 PHP CRITICAL POC THREAT Act Now

A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pagekit
NVD GitHub
CVSS 3.1
9.8
EPSS
17.6%
CVE-2022-32167 Go MEDIUM POC PATCH This Month

Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Privilege Escalation Cloudreve
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40432 CRITICAL POC Act Now

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Strings
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40431 CRITICAL POC Act Now

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Pdfs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38887 CRITICAL POC Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38886 CRITICAL POC Act Now

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Xml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38885 CRITICAL POC Act Now

The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Netstrings
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38884 CRITICAL POC Act Now

The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Grammars
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38883 CRITICAL POC Act Now

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Math
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38882 CRITICAL POC Act Now

The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Json
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38881 CRITICAL POC Act Now

The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Archives
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38877 HIGH POC This Week

Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Garage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-38843 HIGH POC This Week

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Espocrm
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-38323 HIGH POC This Week

Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Event Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-37140 HIGH POC This Week

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Paymoney
NVD GitHub
CVSS 3.1
8.0
EPSS
1.3%
CVE-2022-36667 HIGH POC THREAT This Week

Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Garage Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
24.4%
CVE-2022-38305 HIGH POC This Week

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Aerocms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-38296 CRITICAL POC Act Now

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cuppacms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-3129 CRITICAL POC Act Now

A vulnerability was found in codeprojects Online Driving School. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Driving School Project
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36582 HIGH POC This Week

An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Garage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-36580 HIGH POC This Week

An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-37184 HIGH POC This Week

The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Garage Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-38625 HIGH This Week

Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Nbm D88N Firmware Nhl 3Fb1 Firmware Nhl 3Fv1N Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Micollab
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal File Upload Gin Vue Admin
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gin Vue Admin
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Emlog
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple Exam Reviewer Management System
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple Exam Reviewer Management System
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dxp +1
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 44% CVSS 7.2
HIGH POC THREAT This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Boxbilling
NVD GitHub Exploit-DB
EPSS 1% CVSS 9.0
CRITICAL POC Act Now

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gin Vue Admin
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Chamilo
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple Cold Storage Management System
NVD GitHub VulDB
EPSS 1% CVSS 4.3
MEDIUM POC This Month

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress File Upload +1
NVD WPScan
EPSS 1% CVSS 9.0
CRITICAL POC Act Now

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gin Vue Admin
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Human Resource Management System
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Dedecms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Email Marketer
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Asns
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Xml
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Algorithms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Lists
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Ip Addresses
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Asns
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Urls
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Pdfs
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Utility
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Html
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Domains
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Archives
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Json
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Utility
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Yaml
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Web Based Student Clearance System
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Backdrop Cms
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload vulnerability in php uploader. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Creativedream File Uploader
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Frontend File Manager
NVD WPScan
EPSS 1% CVSS 7.2
HIGH POC This Week

DedeCMS 5.7.98 has a file upload vulnerability in the background. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dedecms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Mojoportal
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

Discourse is an open source discussion platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Discourse
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Chamilo
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Flatpress
NVD GitHub VulDB
EPSS 23% CVSS 8.8
HIGH POC THREAT This Week

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Product Image Bulk Upload
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zfile
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoo Management System
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoo Management System
NVD GitHub Exploit-DB
EPSS 1% CVSS 7.2
HIGH POC This Week

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD WPScan
EPSS 1% CVSS 4.3
MEDIUM POC This Month

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure File Upload Rocket Chat
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Ajaxplorer
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoo Management System
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Wpide
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload +1
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Octoprint
NVD GitHub
EPSS 18% CVSS 9.8
CRITICAL POC THREAT Act Now

A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pagekit
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Privilege Escalation +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Strings
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Pdfs
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Python
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Xml
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Netstrings
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Grammars
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Math
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Json
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Archives
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Espocrm
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Paymoney
NVD GitHub
EPSS 24% CVSS 8.8
HIGH POC THREAT This Week

Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cuppacms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in codeprojects Online Driving School. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Driving School Project
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Garage Management System
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Nbm D88N Firmware Nhl 3Fb1 Firmware +1
NVD GitHub
Prev Page 31 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy