Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2022-36557 CRITICAL Act Now

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Skybridge Mb A100 Firmware Skybridge Mb A110 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-37161 MEDIUM POC This Month

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Claroline
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-37159 CRITICAL POC THREAT Act Now

Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Claroline
NVD GitHub
CVSS 3.1
9.8
EPSS
24.9%
CVE-2022-37181 CRITICAL POC Act Now

72crm 9.0 has an Arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wukong Crm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-36285 HIGH This Week

Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Uploading Svg Webp And Ico Files
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-34919 CRITICAL POC Act Now

The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Contensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-35150 CRITICAL POC Act Now

Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Baijiacms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-2594 HIGH POC This Week

The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Advanced Custom Fields
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-2909 HIGH POC This Week

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Simple And Nice Shopping Cart Script
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2180 CRITICAL POC Act Now

The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload RCE CSRF PHP +1
NVD WPScan
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-2804 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Zoo Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Zoo Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-2779 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Gas Agency Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2751 CRITICAL Act Now

A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Company Website Cms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-2750 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Company Website Cms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-2749 HIGH POC This Week

A vulnerability was found in SourceCodester Gym Management System. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Gym Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2746 CRITICAL Act Now

A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Simple Online Book Store System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-2744 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Gym Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-2740 CRITICAL Act Now

A vulnerability was found in SourceCodester Company Website CMS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Company Website Cms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-2736 CRITICAL Act Now

A vulnerability was found in SourceCodester Company Website CMS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Company Website Cms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-35426 CRITICAL POC Act Now

UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ucms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36264 CRITICAL POC Act Now

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Airspot 5410 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-2356 HIGH POC This Week

The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress User Private Files
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-2046 MEDIUM POC This Month

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Directorist
NVD WPScan
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-2694 HIGH POC This Week

A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Company Website Cms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2678 HIGH POC This Week

A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Alphaware E Commerce System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2647 CRITICAL Act Now

A vulnerability was found in jeecg-boot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Jeecg Boot
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36197 MEDIUM POC This Month

BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Bigtree Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-34613 CRITICAL POC Act Now

Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mealie
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-34154 HIGH This Week

Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Enable Svg Webp Ico Upload
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-34496 CRITICAL POC Act Now

Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Hiby R3 Pro Firmware Hiby R3 Pro Saber Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34578 HIGH POC This Week

Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Open Source Point Of Sale
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-34120 HIGH POC THREAT This Week

Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Barangay Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
17.5%
CVE-2022-34549 HIGH POC This Week

Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sims
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-34971 PHP HIGH POC This Week

An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Feehi Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-34965 HIGH POC This Week

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Open Source Social Network
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2022-34115 Maven CRITICAL POC PATCH Act Now

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28700 HIGH PATCH This Week

Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload Givewp
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-35569 MEDIUM POC This Month

Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Blogifier
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-1565 HIGH POC PATCH THREAT Act Now

The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.8%.

RCE PHP File Upload Wp All Import
NVD Exploit-DB VulDB
CVSS 3.1
7.2
EPSS
51.8%
Threat
4.5
CVE-2022-24688 HIGH POC This Week

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE SQLi File Upload Dsknet
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-32119 HIGH POC This Week

Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP School Erp Pro
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-2420 HIGH POC This Week

A vulnerability was found in URVE Web Manager. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Urve Web Manager
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
1.1%
CVE-2022-2419 HIGH POC THREAT This Week

A vulnerability was found in URVE Web Manager. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Urve Web Manager
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
12.8%
CVE-2022-2418 HIGH POC This Week

A vulnerability was found in URVE Web Manager. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Urve Web Manager
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
1.1%
CVE-2022-22450 LOW PATCH Monitor

IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload Security Verify Governance
NVD
CVSS 3.1
3.8
EPSS
0.6%
CVE-2022-28372 HIGH POC This Week

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Lvskihp Indoorunit Firmware Lvskihp Outdoorunit Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-28369 CRITICAL POC Act Now

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Lvskihp Indoorunit Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-32114 npm HIGH POC This Week

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Strapi
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-32065 Maven MEDIUM POC PATCH This Month

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS File Upload Ruoyi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-30216 HIGH This Week

Windows Server Service Tampering Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft File Upload Windows 10 Windows 11 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
88.6%
CVE-2022-2297 HIGH POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Clinic S Patient Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
3.3%
CVE-2022-1952 CRITICAL POC THREAT Act Now

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress File Upload Easync
NVD WPScan
CVSS 3.1
9.8
EPSS
23.5%
CVE-2022-32061 PHP MEDIUM POC This Month

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Snipe It
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-32060 PHP MEDIUM POC This Month

An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Snipe It
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2022-31854 HIGH POC THREAT This Week

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Codoforum
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
32.2%
CVE-2022-32413 CRITICAL POC Act Now

An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Dice
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-2268 HIGH POC This Week

The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Wp All Import
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-31943 Maven CRITICAL POC Act Now

MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-32994 CRITICAL POC THREAT Act Now

Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Halo
NVD GitHub
CVSS 3.1
9.8
EPSS
16.7%
CVE-2022-2212 HIGH POC This Week

A vulnerability was found in SourceCodester Library Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Library Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-2102 HIGH This Week

Controls limiting uploads to certain file extensions may be bypassed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1519 CRITICAL Act Now

LRM does not restrict the types of files that can be uploaded to the affected product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Local Run Manager
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-31362 HIGH POC THREAT This Week

Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Docebo
NVD
CVSS 3.1
8.8
EPSS
17.8%
CVE-2022-31374 CRITICAL POC Act Now

An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Sv Cpt Mc310 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-2128 CRITICAL POC PATCH Act Now

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Trudesk
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-1939 HIGH POC This Week

The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload Allow Svg Files
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-2111 PyPI HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Inventree
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32433 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-42675 CRITICAL POC Act Now

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Kreasfero
NVD VulDB
CVSS 3.1
9.8
EPSS
3.1%
CVE-2022-32262 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection File Upload Sinema Remote Connect Server
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-0863 HIGH POC THREAT This Week

The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE WordPress File Upload Wp Svg Icons
NVD WPScan
CVSS 3.1
7.2
EPSS
22.9%
CVE-2022-29894 npm MEDIUM This Month

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Strapi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-24840 PyPI CRITICAL POC PATCH Act Now

django-s3file is a lightweight file upload input for Django and Amazon S3 . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Python Path Traversal Django S3File
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-30860 HIGH POC THREAT This Week

FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Fudforum
NVD GitHub
CVSS 3.1
7.2
EPSS
23.0%
CVE-2022-32019 CRITICAL POC Act Now

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Car Rental Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-30822 HIGH POC This Week

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30821 HIGH POC This Week

In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30820 HIGH POC This Week

In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30819 HIGH POC This Week

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30808 CRITICAL POC THREAT Act Now

elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
16.1%
CVE-2022-30506 Maven CRITICAL POC Act Now

An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mcms
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-30423 CRITICAL POC Act Now

Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29725 HIGH POC This Week

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Witycms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-29624 HIGH POC This Week

An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Tpcms
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-26977 MEDIUM This Month

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Control Room Management Suite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-26976 MEDIUM This Month

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Control Room Management Suite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-26974 MEDIUM This Month

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Control Room Management Suite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-26973 MEDIUM This Month

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Information Disclosure Control Room Management Suite
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-26971 MEDIUM This Month

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Control Room Management Suite
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-24581 HIGH This Week

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Aceweb Online Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Skybridge Mb A100 Firmware +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Claroline
NVD GitHub
EPSS 25% CVSS 9.8
CRITICAL POC THREAT Act Now

Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Claroline
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

72crm 9.0 has an Arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wukong Crm
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Uploading Svg Webp And Ico Files
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Contensis
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Baijiacms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD WPScan
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Simple And Nice Shopping Cart Script
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload RCE +3
NVD WPScan
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in SourceCodester Zoo Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Zoo Management System
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Gas Agency Management System
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Company Website Cms
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Company Website Cms
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in SourceCodester Gym Management System. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Gym Management System
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Simple Online Book Store System
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Gym Management System
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in SourceCodester Company Website CMS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Company Website Cms
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in SourceCodester Company Website CMS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Company Website Cms
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ucms
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Airspot 5410 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress User Private Files
NVD WPScan VulDB
EPSS 1% CVSS 4.9
MEDIUM POC This Month

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Directorist
NVD WPScan
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Company Website Cms
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Alphaware E Commerce System
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in jeecg-boot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Jeecg Boot
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mealie
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Enable Svg Webp Ico Upload
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Hiby R3 Pro Firmware Hiby R3 Pro Saber Firmware
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Open Source Point Of Sale
NVD
EPSS 17% CVSS 7.2
HIGH POC THREAT This Week

Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sims
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dataease
NVD GitHub
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload Givewp
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Blogifier
NVD GitHub
EPSS 52% 4.5 CVSS 7.2
HIGH POC PATCH THREAT Act Now

The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.8%.

RCE PHP File Upload +1
NVD Exploit-DB VulDB
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE SQLi +2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP School Erp Pro
NVD GitHub VulDB
EPSS 1% CVSS 8.0
HIGH POC This Week

A vulnerability was found in URVE Web Manager. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Urve Web Manager
NVD GitHub VulDB
EPSS 13% CVSS 8.0
HIGH POC THREAT This Week

A vulnerability was found in URVE Web Manager. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Urve Web Manager
NVD GitHub VulDB
EPSS 1% CVSS 8.0
HIGH POC This Week

A vulnerability was found in URVE Web Manager. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Urve Web Manager
NVD GitHub VulDB
EPSS 1% CVSS 3.8
LOW PATCH Monitor

IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload Security Verify Governance
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Lvskihp Indoorunit Firmware Lvskihp Outdoorunit Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Lvskihp Indoorunit Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Strapi
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS File Upload +1
NVD GitHub
EPSS 89% CVSS 8.8
HIGH This Week

Windows Server Service Tampering Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft File Upload Windows 10 +3
NVD
EPSS 3% CVSS 8.8
HIGH POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Clinic S Patient Management System
NVD GitHub VulDB
EPSS 23% CVSS 9.8
CRITICAL POC THREAT Act Now

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress File Upload +1
NVD WPScan
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload +1
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload +1
NVD GitHub
EPSS 32% CVSS 7.2
HIGH POC THREAT This Week

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Codoforum
NVD GitHub Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Dice
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Wp All Import
NVD WPScan
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mcms
NVD GitHub
EPSS 17% CVSS 9.8
CRITICAL POC THREAT Act Now

Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Halo
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in SourceCodester Library Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Library Management System
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH This Week

Controls limiting uploads to certain file extensions may be bypassed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Sepcos Control And Protection Relay Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

LRM does not restrict the types of files that can be uploaded to the affected product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Local Run Manager
NVD
EPSS 18% CVSS 8.8
HIGH POC THREAT This Week

Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Docebo
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Trudesk
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload +1
NVD WPScan
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Inventree
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection File Upload +1
NVD
EPSS 23% CVSS 7.2
HIGH POC THREAT This Week

The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE WordPress +2
NVD WPScan
EPSS 1% CVSS 4.8
MEDIUM This Month

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Strapi
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

django-s3file is a lightweight file upload input for Django and Amazon S3 . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Python Path Traversal +1
NVD GitHub
EPSS 23% CVSS 7.2
HIGH POC THREAT This Week

FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Fudforum
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
EPSS 16% CVSS 9.8
CRITICAL POC THREAT Act Now

elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mcms
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Merchandise Online Store
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Control Room Management Suite
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Control Room Management Suite
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Control Room Management Suite
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Information Disclosure Control Room Management Suite
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Control Room Management Suite
NVD
EPSS 1% CVSS 7.5
HIGH This Week

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Aceweb Online Portal
NVD VulDB
Prev Page 32 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy