Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2021-31599 HIGH POC This Week

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Vantara Pentaho Vantara Pentaho Business Intelligence Server
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-42669 CRITICAL POC THREAT Act Now

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Engineers Online Portal
NVD GitHub
CVSS 3.1
9.8
EPSS
23.3%
CVE-2021-20706 HIGH This Week

Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft File Upload Clusterpro X Clusterpro X Singleserversafe Expresscluster X +1
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-20705 HIGH This Week

Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft File Upload Clusterpro X Clusterpro X Singleserversafe Expresscluster X +1
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-26740 CRITICAL POC Act Now

Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Doyocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-38847 HIGH This Week

S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload S Cart
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-41646 CRITICAL POC Act Now

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP RCE Online Reviewer System
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-41645 HIGH POC This Week

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Budget And Expense Tracker System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-41644 CRITICAL POC Act Now

Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Food Ordering System
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-41643 CRITICAL POC Act Now

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Church Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.5%
CVE-2021-41675 HIGH POC This Week

A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload E Negosyo System
NVD GitHub
CVSS 3.1
7.2
EPSS
3.0%
CVE-2021-36548 CRITICAL POC Act Now

A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Monstra
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-36547 CRITICAL POC Act Now

A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Mara Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-3745 MEDIUM POC PATCH This Month

flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

File Upload Flatcore Cms
NVD GitHub
CVSS 3.1
6.6
EPSS
1.1%
CVE-2021-3906 MEDIUM POC PATCH This Month

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bookstack
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-37221 HIGH POC This Week

A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Customer Relationship Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-37372 HIGH This Week

Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload Online Student Admission System
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2021-40344 HIGH POC THREAT This Week

An issue was discovered in Nagios XI 5.8.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Nagios Xi
NVD
CVSS 3.1
7.2
EPSS
66.2%
CVE-2021-42840 HIGH POC THREAT Act Now

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Suitecrm
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
58.9%
CVE-2021-41745 PHP CRITICAL PATCH Act Now

ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Showdoc
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-38471 CRITICAL PATCH Act Now

There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Versiondog
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-39352 HIGH POC PATCH THREAT Act Now

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress RCE PHP File Upload Catch Themes Demo Import
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
55.7%
CVE-2021-3846 PHP HIGH POC PATCH This Week

firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Firefly Iii
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-38484 HIGH This Week

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS File Upload Ir615 Firmware
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-24736 MEDIUM POC This Month

The Easy Download Manager and File Sharing Plugin with frontend file upload - a better Media Library - Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS File Upload Shared Files
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24642 MEDIUM POC This Month

The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS File Upload Scroll Banner
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-42342 CRITICAL Act Now

An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Goahead
NVD GitHub
CVSS 3.1
9.8
EPSS
59.5%
CVE-2021-20131 HIGH This Week

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
8.8
EPSS
16.0%
CVE-2021-20130 HIGH This Week

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
8.8
EPSS
31.6%
CVE-2021-20125 CRITICAL POC Act Now

An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Vigorconnect
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-40189 HIGH POC This Week

PHPFusion 9.03.110 is affected by a remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Phpfusion
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-40188 HIGH POC This Week

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Phpfusion
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-42112 PHP MEDIUM POC PATCH This Month

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS File Upload Limesurvey
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-41919 HIGH POC This Week

webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Webtareas
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-41566 CRITICAL Act Now

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Tadtools
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-37931 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37930 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37929 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37928 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37926 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
73.6%
CVE-2021-37924 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37923 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37921 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37920 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37919 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-37918 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
73.6%
CVE-2021-37762 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
7.8%
CVE-2021-3832 CRITICAL Act Now

Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Integria Ims
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-39486 MEDIUM POC This Month

A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Gila Cms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38822 MEDIUM POC This Month

A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Icehrm
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-40324 PyPI HIGH PATCH This Week

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Cobbler
NVD GitHub
CVSS 3.1
7.5
EPSS
68.6%
CVE-2021-41290 CRITICAL Act Now

ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal File Upload Ecs Router Controller Ecs Firmware Riskbuster Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-37105 HIGH This Week

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Fusioncompute
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-37761 CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2021-37539 CRITICAL Act Now

Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
9.8
EPSS
93.4%
CVE-2021-26794 CRITICAL POC Act Now

Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP File Upload Frogcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-22005 CRITICAL POC KEV PATCH THREAT Act Now

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal File Upload VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-37741 HIGH This Week

ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho File Upload Manageengine Admanager Plus
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-24663 HIGH POC This Week

The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Simple Schools Staff Directory
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2021-33698 HIGH PATCH This Week

SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

SAP File Upload Business One
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-40845 HIGH POC This Week

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Alphacom Xe Audio Server
NVD GitHub
CVSS 3.1
8.8
EPSS
4.7%
CVE-2021-36582 CRITICAL Act Now

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Kooboo Cms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-36581 CRITICAL Act Now

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Kooboo Cms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-24620 HIGH POC This Week

The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP File Upload Simple E Commerce Shopping Cart
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-24493 CRITICAL POC Act Now

The shopp_upload_file AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Shopp
NVD WPScan
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-40870 CRITICAL POC KEV THREAT Act Now

An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal File Upload Controller
NVD
CVSS 3.1
9.8
EPSS
93.0%
CVE-2021-36440 PHP CRITICAL POC PATCH Act Now

Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Showdoc
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2021-38841 HIGH POC This Week

Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Simple Water Refilling Station Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-40531 CRITICAL POC PATCH THREAT Act Now

Sketch before 75 allows library feeds to be used to bypass file quarantine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apple RCE File Upload Sketch
NVD
CVSS 3.1
9.8
EPSS
32.8%
CVE-2021-40524 HIGH POC PATCH This Week

In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service File Upload Pure Ftpd
NVD GitHub
CVSS 3.1
7.5
EPSS
4.3%
CVE-2021-36042 PHP HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE File Upload Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-29907 HIGH PATCH This Week

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload RCE Openpages With Watson
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-36356 CRITICAL POC THREAT Act Now

KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Viaware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
54.4%
CVE-2021-39132 Maven HIGH PATCH This Week

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization File Upload Rundeck
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-32955 CRITICAL Act Now

Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Diaenergie
NVD
CVSS 3.1
9.8
EPSS
37.3%
CVE-2021-40175 CRITICAL Act Now

Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload Manageengine Log360
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2021-27944 CRITICAL POC Act Now

Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection File Upload P65 F1 Firmware E50X E1 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2021-1581 CRITICAL PATCH Act Now

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Command Injection File Upload Authentication Bypass Application Policy Infrastructure Controller +1
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-1580 HIGH PATCH This Week

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco Command Injection File Upload Authentication Bypass Application Policy Infrastructure Controller +1
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2021-39136 PHP MEDIUM PATCH This Month

baserCMS is an open source content management system with a focus on Japanese language support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-33884 CRITICAL POC Act Now

An Unrestricted Upload of File with Dangerous Type vulnerability in B. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Spacecom2
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-38613 CRITICAL POC Act Now

The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Remkon Device Manager
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2021-39608 HIGH POC THREAT This Week

Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Flatcore Cms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
45.9%
CVE-2021-39154 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39153 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Java Xstream Fedora +11
NVD GitHub
CVSS 3.1
8.5
EPSS
4.5%
CVE-2021-39151 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39149 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39148 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39147 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39146 Maven HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
14.3%
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Vantara Pentaho +1
NVD
EPSS 23% CVSS 9.8
CRITICAL POC THREAT Act Now

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Engineers Online Portal
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft File Upload Clusterpro X +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft File Upload Clusterpro X +3
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload S Cart
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP RCE +1
NVD Exploit-DB VulDB
EPSS 3% CVSS 8.8
HIGH POC This Week

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Budget And Expense Tracker System
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Food Ordering System
NVD Exploit-DB VulDB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Church Management System
NVD Exploit-DB
EPSS 3% CVSS 7.2
HIGH POC This Week

A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM POC PATCH This Month

flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

File Upload Flatcore Cms
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bookstack
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Customer Relationship Management System
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH This Week

Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 66% CVSS 7.2
HIGH POC THREAT This Week

An issue was discovered in Nagios XI 5.8.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Nagios Xi
NVD
EPSS 59% CVSS 8.8
HIGH POC THREAT Act Now

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Versiondog
NVD
EPSS 56% CVSS 7.2
HIGH POC PATCH THREAT Act Now

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress RCE PHP +2
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Firefly Iii
NVD GitHub
EPSS 3% CVSS 7.2
HIGH This Week

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS File Upload +1
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Easy Download Manager and File Sharing Plugin with frontend file upload - a better Media Library - Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS File Upload +1
NVD WPScan
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS +2
NVD WPScan
EPSS 59% CVSS 9.8
CRITICAL Act Now

An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Goahead
NVD GitHub
EPSS 16% CVSS 8.8
HIGH This Week

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 32% CVSS 8.8
HIGH This Week

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Vigorconnect
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

PHPFusion 9.03.110 is affected by a remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Phpfusion
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Phpfusion
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS File Upload Limesurvey
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Webtareas
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Tadtools
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 74% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 74% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Integria Ims
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload +1
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Icehrm
NVD
EPSS 69% CVSS 7.5
HIGH PATCH This Week

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Cobbler
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal File Upload +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Fusioncompute
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 93% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP +2
NVD GitHub
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal File Upload VMware +2
NVD
EPSS 3% CVSS 8.8
HIGH This Week

ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho File Upload Manageengine Admanager Plus
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Simple Schools Staff Directory
NVD WPScan
EPSS 1% CVSS 8.8
HIGH PATCH This Week

SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

SAP File Upload Business One
NVD
EPSS 5% CVSS 8.8
HIGH POC This Week

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Alphacom Xe Audio Server
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Kooboo Cms
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Kooboo Cms
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP +2
NVD WPScan
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The shopp_upload_file AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Shopp
NVD WPScan
EPSS 93% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal File Upload +1
NVD
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD Exploit-DB
EPSS 33% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Sketch before 75 allows library feeds to be used to bypass file quarantine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apple RCE File Upload +1
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service File Upload Pure Ftpd
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE File Upload Adobe +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload RCE +1
NVD
EPSS 54% CVSS 9.8
CRITICAL POC THREAT Act Now

KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization File Upload Rundeck
NVD GitHub
EPSS 37% CVSS 9.8
CRITICAL Act Now

Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Diaenergie
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoho File Upload +1
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection File Upload P65 F1 Firmware +1
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Command Injection File Upload +3
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco Command Injection File Upload +3
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

baserCMS is an open source content management system with a focus on Japanese language support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Basercms
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

An Unrestricted Upload of File with Dangerous Type vulnerability in B. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Spacecom2
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 46% CVSS 7.2
HIGH POC THREAT This Week

Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub Exploit-DB
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 4% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Java +13
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 14% CVSS 8.5
HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream +14
NVD GitHub
Prev Page 35 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy