Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2022-24239 CRITICAL Act Now

ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Aceweb Online Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-29637 Go HIGH POC This Week

An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mindoc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-29632 CRITICAL POC THREAT Act Now

An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Roncoo Education
NVD GitHub
CVSS 3.1
9.8
EPSS
16.1%
CVE-2022-29651 HIGH This Week

An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload PHP Online Food Ordering System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-1837 HIGH POC This Week

A vulnerability was found in Home Clean Services Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Home Clean Services Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-1811 Ruby MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Publify
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1752 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Trudesk
NVD GitHub
CVSS 3.1
8.0
EPSS
2.2%
CVE-2022-30887 CRITICAL POC THREAT Act Now

Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
24.8%
CVE-2022-28104 CRITICAL POC Act Now

Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pdf Editor
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-28927 CRITICAL POC PATCH THREAT Act Now

A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Subconverter
NVD GitHub
CVSS 3.1
9.8
EPSS
33.6%
CVE-2022-22482 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Denial Of Service IBM File Upload Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-30007 HIGH POC This Week

GXCMS V1.5 has a file upload vulnerability in the background. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Gxcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-1409 HIGH POC This Week

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload Hotel Booking Engine Pms
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-1103 HIGH POC THREAT This Week

The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Advanced Uploader
NVD WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
15.9%
CVE-2022-29623 npm HIGH POC This Week

An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Connect Multiparty
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-29622 CRITICAL POC Act Now

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Formidable
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2022-29354 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Keystone
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-29353 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Graphql Upload
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29351 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Tiddlywiki5
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-21809 HIGH POC This Week

A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Inrouter302 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2022-30448 CRITICAL POC Act Now

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Hospital Management System
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-29655 HIGH POC This Week

An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Wedding Management System
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-29318 HIGH POC This Week

An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Car Rental Management System
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2020-19228 HIGH POC This Week

An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bludit
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-28606 CRITICAL Act Now

An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Bosscms
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28120 CRITICAL Act Now

Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Open Virtual Simulation Experiment Teaching Management Platform
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-1411 PHP MEDIUM POC PATCH This Month

Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29347 CRITICAL POC Act Now

An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Web Rchiv
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-28568 CRITICAL POC Act Now

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple Doctor S Appointment System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.1%
CVE-2022-29001 HIGH POC This Week

In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Springbootmovie
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-20743 HIGH This Week

A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco File Upload Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2022-1273 HIGH POC This Week

The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Import Wp
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-29451 HIGH This Week

Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF File Upload WordPress Rara One Click Demo Import
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-28528 HIGH POC This Week

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Bloofoxcms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-28525 HIGH This Week

ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Ed01 Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-27468 CRITICAL POC Act Now

Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Monsta Ftp
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-22392 HIGH This Week

IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE IBM File Upload Planning Analytics Workspace
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2022-28053 HIGH POC This Week

Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Typemill
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-28440 HIGH POC This Week

An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Ucms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-28021 CRITICAL POC THREAT Act Now

Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Purchase Order Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
24.3%
CVE-2022-27478 HIGH POC THREAT This Week

Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Victor Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
20.0%
CVE-2022-27862 CRITICAL Act Now

Arbitrary File Upload leading to RCE in E4J s.r.l. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress File Upload Vikbooking Hotel Booking Engine Property Management System Plugin
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-21477 MEDIUM This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Oracle Applications Framework
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1329 HIGH POC PATCH THREAT Act Now

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE WordPress File Upload Website Builder
NVD
CVSS 3.1
8.8
EPSS
92.7%
CVE-2022-29464 CRITICAL POC KEV THREAT Emergency

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Path Traversal Api Manager Enterprise Integrator +6
NVD GitHub
CVSS 3.1
9.8
EPSS
100.0%
CVE-2022-1345 CRITICAL POC PATCH Act Now

Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Information Disclosure Organizr
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
CVE-2022-28397 npm CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ghost
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.4%
CVE-2022-27952 npm CRITICAL POC PATCH Act Now

An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Payload
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-27263 npm CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Strapi
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-27262 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Skipper
NVD VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-27261 npm HIGH POC This Week

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Express Fileupload
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-27260 npm CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Buttercms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-27140 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Express Fileupload
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-27139 npm CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Ghost
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-27115 PHP CRITICAL POC PATCH THREAT Act Now

In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Elfinder
NVD GitHub
CVSS 3.1
9.8
EPSS
28.6%
CVE-2022-1008 HIGH POC PATCH This Week

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress File Upload One Click Demo Import
NVD WPScan
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-1045 MEDIUM POC PATCH This Month

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Trudesk
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2022-27477 CRITICAL POC Act Now

Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Newbee Mall
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-27131 CRITICAL Act Now

An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE File Upload Zbzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-27129 CRITICAL Act Now

An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE File Upload Zbzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-27047 CRITICAL Act Now

mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mogu Blog Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-27357 CRITICAL POC Act Now

Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Ecommerce Website
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2022-27352 HIGH POC This Week

Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Simple House Rental System
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-27351 CRITICAL POC Act Now

Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Zoo Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-27349 HIGH POC This Week

Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Social Codia Sms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.4%
CVE-2022-27346 HIGH POC This Week

Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Ecommerce Website
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-27064 HIGH POC This Week

Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Musical World
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-27061 HIGH POC This Week

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Aerocms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.5%
CVE-2022-26627 HIGH POC This Week

Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Online Project Time Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-26607 HIGH POC This Week

A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Baigo Cms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
2.4%
CVE-2022-26605 HIGH POC This Week

eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Eziosuite
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-26630 HIGH POC This Week

Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Jellycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-26619 HIGH POC This Week

Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Halo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-0537 HIGH POC This Week

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload Mappress
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-0403 HIGH POC This Week

The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues (CVE-2021-32682), and does not have any. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress File Upload Library File Manager
NVD WPScan
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-28062 HIGH POC This Week

Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Online Car Rental System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-27435 HIGH POC This Week

An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ecommerce Website
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-27249 HIGH POC This Week

An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Reftree
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2022-23155 HIGH PATCH This Week

Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Dell File Upload Wyse Management Suite
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-24796 CRITICAL PATCH Act Now

RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection File Upload Raspberrymatic
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-24136 CRITICAL POC Act Now

Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-26645 CRITICAL POC Act Now

A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-28223 HIGH This Week

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Kio Firmware Kio 1M Firmware Kio 2Mrs Firmware Kio 2M Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-26871 CRITICAL KEV PATCH THREAT Act Now

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE File Upload Trend Micro Apex Central Apex One
NVD
CVSS 3.1
9.8
EPSS
19.6%
CVE-2022-0595 MEDIUM POC PATCH THREAT This Month

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload WordPress Drag And Drop Multiple File Upload Contact Form 7
NVD WPScan
CVSS 3.1
5.4
EPSS
13.6%
CVE-2021-40905 HIGH POC This Week

The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Checkmk
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.8%
CVE-2022-0551 HIGH This Week

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cmc Guardian
NVD
CVSS 4.0
8.6
EPSS
0.9%
CVE-2022-23880 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Taocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-22952 CRITICAL PATCH Act Now

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

VMware Microsoft File Upload Carbon Black App Control
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-0888 CRITICAL POC Act Now

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE WordPress File Upload Ninja Forms File Uploads
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
9.3%
EPSS 1% CVSS 9.8
CRITICAL Act Now

ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Aceweb Online Portal
NVD VulDB
EPSS 1% CVSS 7.8
HIGH POC This Week

An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mindoc
NVD GitHub
EPSS 16% CVSS 9.8
CRITICAL POC THREAT Act Now

An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Roncoo Education
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload PHP +1
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in Home Clean Services Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Publify
NVD GitHub
EPSS 2% CVSS 8.0
HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Trudesk
NVD GitHub
EPSS 25% CVSS 9.8
CRITICAL POC THREAT Act Now

Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pdf Editor
NVD
EPSS 34% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Subconverter
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Denial Of Service IBM File Upload +1
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

GXCMS V1.5 has a file upload vulnerability in the background. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Gxcms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload +1
NVD WPScan
EPSS 16% CVSS 8.8
HIGH POC THREAT This Week

The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Advanced Uploader
NVD WPScan Exploit-DB
EPSS 1% CVSS 7.8
HIGH POC This Week

An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Connect Multiparty
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Formidable
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Keystone
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Graphql Upload
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Tiddlywiki5
NVD GitHub VulDB
EPSS 2% CVSS 8.1
HIGH POC This Week

A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Inrouter302 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Hospital Management System
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bludit
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Bosscms
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Open Virtual Simulation Experiment Teaching Management Platform
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Yetiforce Customer Relationship Management
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Web Rchiv
NVD GitHub VulDB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple Doctor S Appointment System
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Springbootmovie
NVD GitHub
EPSS 4% CVSS 8.8
HIGH This Week

A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco File Upload +1
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Import Wp
NVD WPScan
EPSS 1% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF File Upload WordPress +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Bloofoxcms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Ed01 Cms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Monsta Ftp
NVD
EPSS 2% CVSS 7.8
HIGH This Week

IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE IBM File Upload +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 24% CVSS 9.8
CRITICAL POC THREAT Act Now

Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Purchase Order Management System
NVD GitHub
EPSS 20% CVSS 8.8
HIGH POC THREAT This Week

Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Arbitrary File Upload leading to RCE in E4J s.r.l. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress File Upload +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Oracle Applications Framework
NVD
EPSS 93% CVSS 8.8
HIGH POC PATCH THREAT Act Now

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE WordPress +2
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Path Traversal +8
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL POC PATCH Act Now

Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Information Disclosure +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ghost
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Payload
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Strapi
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Skipper
NVD VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Express Fileupload
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Buttercms
NVD GitHub VulDB
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Ghost
NVD
EPSS 29% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Elfinder
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC PATCH This Week

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress File Upload One Click Demo Import
NVD WPScan
EPSS 2% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Trudesk
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Newbee Mall
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mogu Blog Cms
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 3% CVSS 7.2
HIGH POC This Week

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Online Project Time Management System
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Eziosuite
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Jellycms
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Halo
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload +1
NVD WPScan
EPSS 1% CVSS 8.1
HIGH POC This Week

The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues (CVE-2021-32682), and does not have any. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress File Upload +1
NVD WPScan
EPSS 2% CVSS 8.8
HIGH POC This Week

Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Online Car Rental System
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ecommerce Website
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC This Week

An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Reftree
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Dell File Upload +1
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection File Upload +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Hospital Management System
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Kio Firmware Kio 1M Firmware +6
NVD
EPSS 20% CVSS 9.8
CRITICAL KEV PATCH THREAT Act Now

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE File Upload Trend Micro +2
NVD
EPSS 14% CVSS 5.4
MEDIUM POC PATCH THREAT This Month

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload WordPress +1
NVD WPScan
EPSS 3% CVSS 8.8
HIGH POC This Week

The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Checkmk
NVD GitHub VulDB
EPSS 1% CVSS 8.6
HIGH This Week

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cmc Guardian
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

VMware Microsoft File Upload +1
NVD
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE WordPress +2
NVD GitHub VulDB
Prev Page 33 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy