Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2022-1033 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

File Upload Crater
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-1034 PHP HIGH POC PATCH This Week

There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-23346 HIGH POC This Week

BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bigant Server
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-0687 HIGH POC This Week

The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload Amelia
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-25581 HIGH POC This Week

Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Classcms
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-25602 HIGH This Week

Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Information Disclosure Responsive Menu
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-45834 CRITICAL POC Act Now

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Opendocman
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-26965 HIGH POC THREAT This Week

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Pluck
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
37.7%
CVE-2022-0959 PyPI MEDIUM PATCH This Month

A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF File Upload Pgadmin 4
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-25495 CRITICAL POC Act Now

The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Cuppacms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-25487 CRITICAL POC THREAT Act Now

Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Atomcms
NVD GitHub
CVSS 3.1
9.8
EPSS
54.8%
CVE-2022-0967 PHP MEDIUM POC PATCH This Month

Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.3%
CVE-2022-0966 PHP MEDIUM POC PATCH This Month

Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0965 PHP MEDIUM POC PATCH This Month

Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-0964 PHP MEDIUM POC PATCH This Month

Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0942 PHP MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-0957 PHP MEDIUM POC PATCH This Month

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0956 PHP MEDIUM POC PATCH This Month

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-0951 PHP MEDIUM POC PATCH This Month

File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0950 PHP MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0945 PHP MEDIUM POC PATCH This Month

Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0962 PHP MEDIUM POC PATCH This Month

Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-0960 PHP MEDIUM POC PATCH This Month

Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0946 PHP MEDIUM POC PATCH This Month

Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-24387 HIGH This Week

With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Smartertrack
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2022-0941 PHP MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0940 PHP MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0938 PHP MEDIUM POC PATCH This Month

Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0937 PHP MEDIUM POC PATCH This Month

Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0930 PHP MEDIUM POC PATCH This Month

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2022-0926 PHP MEDIUM POC PATCH This Month

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-0912 PHP MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-26521 HIGH POC This Week

Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Abantecart
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
9.6%
CVE-2022-24652 CRITICAL POC Act Now

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Sentcms
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-24651 CRITICAL POC Act Now

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Sentcms
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-0906 PHP MEDIUM POC PATCH This Month

Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0440 HIGH POC This Week

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload Catch Themes Demo Import
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-25115 HIGH POC This Week

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Home Owners Collection Management System
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-25016 CRITICAL POC Act Now

Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Home Owners Collection Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-24254 HIGH POC This Week

An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Portfolio
NVD VulDB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-24253 HIGH POC This Week

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Portfolio
NVD VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-24252 HIGH POC This Week

An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Portfolio
NVD VulDB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-24251 HIGH POC This Week

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Portfolio
NVD VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-25411 CRITICAL POC Act Now

A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Maxsite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-23906 HIGH POC This Week

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cms Made Simple
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2022-26149 PHP HIGH POC This Week

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Revolution
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
9.3%
CVE-2022-25360 HIGH This Week

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard File Upload Fireware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-23043 PHP HIGH POC PATCH This Week

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Zenario
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-24553 CRITICAL POC Act Now

An issue was found in Zfaka <= 1.4.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zfaka
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-23375 HIGH POC THREAT This Week

WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Wikidocs
NVD GitHub
CVSS 3.1
8.8
EPSS
19.9%
CVE-2022-0409 PHP HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-46116 HIGH POC This Week

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Jpress
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-46115 HIGH POC This Week

jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jpress
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-45808 HIGH POC This Week

jpress v4.2.0 allows users to register an account by default. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jpress
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-43856 MEDIUM POC PATCH This Month

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS File Upload Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-43855 MEDIUM POC PATCH This Month

Wiki.js is a wiki app built on node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS File Upload Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-21879 HIGH POC This Week

A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Premierwave 2050
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-44031 CRITICAL Act Now

An issue was discovered in Quest KACE Desktop Authority before 11.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Kace Desktop Authority
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-24981 HIGH POC This Week

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

CSRF WordPress PHP File Upload Directorist
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-43842 MEDIUM PATCH This Month

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Node.js Docker XSS File Upload Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-35244 HIGH This Week

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Orion Platform
NVD
CVSS 3.1
7.2
EPSS
5.8%
CVE-2021-44164 CRITICAL Act Now

Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Qb Smart Service Robot
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-44159 CRITICAL Act Now

4MOSAn GCB Doctor’s file upload function has improper user privilege control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Gcb Doctor
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-41560 CRITICAL POC PATCH THREAT Act Now

OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP File Upload Opencats
NVD GitHub
CVSS 3.1
9.8
EPSS
11.1%
CVE-2021-41870 HIGH This Week

An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Remote View Pro Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-43829 HIGH POC PATCH THREAT This Week

PatrOwl is a free and open-source solution for orchestrating Security Operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Patrowlmanager
NVD GitHub
CVSS 3.1
8.8
EPSS
59.2%
CVE-2021-40883 CRITICAL POC Act Now

A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-43117 CRITICAL POC Act Now

fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Fastadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-27984 HIGH POC This Week

In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

File Upload Pluck
NVD GitHub
CVSS 3.1
8.1
EPSS
2.5%
CVE-2021-36719 HIGH This Week

PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Mail Secure
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-27860 HIGH POC KEV THREAT This Week

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ipvpn Firmware Warp Firmware Mpvpn Firmware
NVD
CVSS 3.1
8.8
EPSS
39.8%
CVE-2021-42133 HIGH This Week

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ivanti Avalanche
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2021-42125 HIGH This Week

An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization File Upload Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
81.6%
CVE-2021-43936 CRITICAL POC PATCH THREAT Act Now

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Webhmi Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
35.8%
CVE-2021-23562 npm HIGH PATCH This Week

This affects the package plupload before 2.3.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Plupload
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-25967 PyPI MEDIUM PATCH This Month

In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Ckan
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-42099 CRITICAL Act Now

Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine M365 Manager Plus
NVD
CVSS 3.1
9.8
EPSS
6.5%
CVE-2021-42123 HIGH This Week

Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Topease
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-44094 HIGH POC This Week

ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zrlog
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-44093 CRITICAL POC Act Now

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zrlog
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-22968 PHP HIGH POC PATCH This Week

A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP File Upload Concrete Cms
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-42362 HIGH POC PATCH THREAT Act Now

The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress RCE PHP File Upload Wordpress Popular Posts
NVD GitHub WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
79.8%
CVE-2021-42580 CRITICAL POC Act Now

Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP File Upload Authentication Bypass Online Learning System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
10.0%
CVE-2021-42839 HIGH This Week

Grand Vice info Co. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Webopac
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-43617 CRITICAL POC PATCH THREAT Act Now

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Debian PHP File Upload Framework
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
19.8%
CVE-2021-3915 PHP MEDIUM POC PATCH This Month

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bookstack
NVD GitHub
CVSS 3.1
5.7
EPSS
0.9%
CVE-2021-41833 CRITICAL PATCH Act Now

Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE Zoho File Upload Manageengine Patch Connect Plus
NVD
CVSS 3.1
9.8
EPSS
7.8%
CVE-2021-25975 Ruby MEDIUM PATCH This Month

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Publify
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-28023 CRITICAL POC Act Now

Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Servicetonic
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-34685 HIGH POC This Week

UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Vantara Pentaho
NVD
CVSS 3.1
7.2
EPSS
2.2%
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

File Upload Crater
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bigant Server
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload +1
NVD WPScan
EPSS 1% CVSS 7.8
HIGH POC This Week

Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Classcms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Information Disclosure +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub VulDB
EPSS 38% CVSS 7.2
HIGH POC THREAT This Week

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF File Upload Pgadmin 4
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 55% CVSS 9.8
CRITICAL POC THREAT Act Now

Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 3% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 2% CVSS 7.2
HIGH This Week

With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Smartertrack
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Microweber
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Microweber
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Microweber
NVD GitHub
EPSS 10% CVSS 7.2
HIGH POC This Week

Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Microweber
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload +1
NVD WPScan
EPSS 2% CVSS 7.8
HIGH POC This Week

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Home Owners Collection Management System
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Portfolio
NVD VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Portfolio
NVD VulDB
EPSS 3% CVSS 8.8
HIGH POC This Week

An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Portfolio
NVD VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Portfolio
NVD VulDB
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cms Made Simple
NVD
EPSS 9% CVSS 7.2
HIGH POC This Week

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Revolution
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard File Upload Fireware
NVD
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Zenario
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An issue was found in Zfaka <= 1.4.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zfaka
NVD GitHub
EPSS 20% CVSS 8.8
HIGH POC THREAT This Week

WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
EPSS 3% CVSS 7.2
HIGH POC This Week

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Jpress
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jpress
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

jpress v4.2.0 allows users to register an account by default. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jpress
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS File Upload +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Wiki.js is a wiki app built on node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS File Upload +1
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Premierwave 2050
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Quest KACE Desktop Authority before 11.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Kace Desktop Authority
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

CSRF WordPress PHP +2
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Node.js Docker XSS +2
NVD GitHub
EPSS 6% CVSS 7.2
HIGH This Week

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Orion Platform
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Qb Smart Service Robot
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

4MOSAn GCB Doctor’s file upload function has improper user privilege control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Gcb Doctor
NVD
EPSS 11% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Remote View Pro Firmware
NVD
EPSS 59% CVSS 8.8
HIGH POC PATCH THREAT This Week

PatrOwl is a free and open-source solution for orchestrating Security Operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Patrowlmanager
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Emlog
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Fastadmin
NVD GitHub
EPSS 3% CVSS 8.1
HIGH POC This Week

In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

File Upload Pluck
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Mail Secure
NVD
EPSS 40% CVSS 8.8
HIGH POC KEV THREAT This Week

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ipvpn Firmware Warp Firmware +1
NVD
EPSS 3% CVSS 8.1
HIGH This Week

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ivanti Avalanche
NVD
EPSS 82% CVSS 8.8
HIGH This Week

An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization File Upload Ivanti +1
NVD
EPSS 36% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Webhmi Firmware
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

This affects the package plupload before 2.3.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Plupload
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Ckan
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Topease
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zrlog
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zrlog
NVD GitHub
EPSS 3% CVSS 7.2
HIGH POC PATCH This Week

A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP +2
NVD
EPSS 80% CVSS 8.8
HIGH POC PATCH THREAT Act Now

The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress RCE PHP +2
NVD GitHub WPScan Exploit-DB
EPSS 10% CVSS 9.8
CRITICAL POC Act Now

Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP File Upload +2
NVD GitHub Exploit-DB
EPSS 2% CVSS 8.8
HIGH This Week

Grand Vice info Co. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Webopac
NVD
EPSS 20% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Debian PHP File Upload +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.7
MEDIUM POC PATCH This Month

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bookstack
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE Zoho File Upload +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Publify
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Servicetonic
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Vantara Pentaho
NVD
Prev Page 34 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy