Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2020-25790 HIGH POC THREAT This Week

Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Typesetter
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
15.6%
CVE-2020-15189 HIGH POC PATCH This Week

SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload RCE Soy Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-25733 HIGH This Week

webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Webtareas
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-23828 CRITICAL POC Act Now

A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Online Course Registration
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-4703 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM Spectrum Protect Plus
NVD
CVSS 3.1
8.0
EPSS
1.8%
CVE-2020-10228 HIGH POC This Week

A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Vtenext
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-25287 HIGH POC This Week

Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pligg
NVD GitHub
CVSS 3.1
7.2
EPSS
2.7%
CVE-2020-25213 CRITICAL POC KEV PATCH THREAT Act Now

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload WordPress PHP File Manager
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
97.3%
CVE-2020-24199 CRITICAL POC Act Now

Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Car Rental Project
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-24195 CRITICAL Act Now

An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Online Bike Rental
NVD
CVSS 3.1
9.1
EPSS
2.9%
CVE-2020-6288 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-24986 HIGH POC This Week

Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Concrete Cms
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2020-14008 HIGH POC THREAT This Week

Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoho RCE Manageengine Applications Manager
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
35.8%
CVE-2020-25042 HIGH POC THREAT Act Now

An arbitrary file upload issue exists in Mara CMS 7.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Maracms
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
18.2%
CVE-2020-24948 HIGH POC THREAT This Week

The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Autoptimize
NVD
CVSS 3.1
7.2
EPSS
13.1%
CVE-2020-14209 PHP HIGH POC PATCH THREAT This Week

Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Dolibarr
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
27.5%
CVE-2020-23829 HIGH POC This Week

interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Librehealth Ehr
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-24203 CRITICAL POC Act Now

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Travel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-24202 CRITICAL POC Act Now

File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE House Rental And Property Listing Project
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-24196 HIGH POC This Week

An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Online Bike Rental
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2020-23972 HIGH POC THREAT This Week

In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gmapfp
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
31.4%
CVE-2020-15645 HIGH POC THREAT This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Qconvergeconsole
NVD
CVSS 3.1
8.8
EPSS
10.7%
CVE-2020-24186 CRITICAL POC THREAT Emergency

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE PHP Wpdiscuz
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
94.5%
CVE-2020-22722 HIGH POC This Week

Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Privilege Escalation Microsoft Rapid Scada
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-22721 HIGH POC This Week

A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous " External Programs by uploading the malicious .exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Pnotes Net
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-17462 HIGH POC This Week

CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cms Made Simple
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-7302 MEDIUM This Month

Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Data Loss Prevention
NVD
CVSS 3.1
6.4
EPSS
0.7%
CVE-2020-7301 MEDIUM This Month

Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Data Loss Prevention
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2020-6293 MEDIUM This Month

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Netweaver Knowledge Management
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-15649 MEDIUM This Month

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google File Upload Mozilla Firefox Esr
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-17452 HIGH POC This Week

flatCore before 1.5.7 allows upload and execution of a .php file by an admin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Flatcore
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2020-14488 HIGH This Week

OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Openclinic Ga
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-11476 PHP HIGH POC PATCH This Week

Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Concrete Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.9%
CVE-2020-9309 PHP HIGH This Week

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mimevalidator Recipe
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14066 HIGH This Week

IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mail Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14065 MEDIUM This Month

IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mail Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-12854 HIGH This Week

A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Neprofile
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-14630 HIGH This Week

Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications Applications (component: File Upload). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Oracle Enterprise Session Border Controller
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-14610 HIGH PATCH This Week

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Oracle Authentication Bypass Applications Framework
NVD
CVSS 3.1
7.6
EPSS
0.9%
CVE-2020-1469 NuGet HIGH PATCH This Week

A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Denial Of Service Bond
NVD
CVSS 3.1
7.5
EPSS
4.8%
CVE-2020-13994 HIGH POC This Week

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Mods For Hesk
NVD
CVSS 3.1
8.8
EPSS
7.4%
CVE-2020-14173 MEDIUM This Month

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Atlassian Jira Jira Data Center +2
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-13443 HIGH POC This Week

ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Expressionengine
NVD GitHub
CVSS 3.1
8.8
EPSS
4.3%
CVE-2020-13887 HIGH This Week

documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Kordil Edms
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-8162 Ruby HIGH POC PATCH This Week

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Rails Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-12005 HIGH This Week

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Factorytalk Linx Rslinx Classic
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-4470 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM Spectrum Protect Plus
NVD
CVSS 3.1
8.0
EPSS
1.9%
CVE-2020-14067 CRITICAL PATCH Act Now

The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Navigatecms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-13855 HIGH POC THREAT This Week

Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pandora Fms
NVD
CVSS 3.1
7.2
EPSS
27.6%
CVE-2020-13852 HIGH POC THREAT This Week

Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pandora Fms
NVD
CVSS 3.1
7.2
EPSS
27.6%
CVE-2020-12800 CRITICAL POC THREAT Emergency

The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE PHP Drag And Drop Multiple File Upload Contact Form 7
NVD
CVSS 3.1
9.8
EPSS
78.8%
CVE-2020-12846 HIGH This Week

Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Zimbra Collaboration Suite
NVD
CVSS 3.1
8.0
EPSS
2.6%
CVE-2020-12675 HIGH This Week

The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload RCE PHP Google +1
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-13442 CRITICAL POC Act Now

A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Dext5
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-13384 HIGH POC This Week

Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Monstra
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-1112 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
9.9
EPSS
3.7%
CVE-2020-1102 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
15.1%
CVE-2020-1024 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
10.4%
CVE-2020-1023 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
10.4%
CVE-2020-12828 CRITICAL Act Now

An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Virtual Private Network Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-13241 PHP HIGH POC This Week

Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Microweber
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-11807 HIGH POC PATCH This Week

Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

File Upload PHP Newscoop
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-12255 HIGH This Week

rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Rconfig
NVD GitHub
CVSS 3.1
8.8
EPSS
52.6%
CVE-2020-13128 HIGH POC This Week

An issue was discovered in Manolo GWTUpload 1.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Java Denial Of Service Gwtupload
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-13126 CRITICAL Act Now

An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress RCE Elementor Page Builder
NVD
CVSS 3.1
9.9
EPSS
8.6%
CVE-2020-5577 HIGH This Week

Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Movable Type
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-11069 PHP HIGH PATCH This Week

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload CSRF Typo3
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-11108 HIGH POC THREAT Act Now

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Pi Hole
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
78.3%
CVE-2020-5880 HIGH This Week

Om BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2020-11943 HIGH POC THREAT This Week

An issue was discovered in Open-AudIT 3.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Open Audit
NVD
CVSS 3.1
8.8
EPSS
23.9%
CVE-2020-12252 MEDIUM This Month

An issue was discovered in Gigamon GigaVUE 5.5.01.11. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable. No vendor patch available.

File Upload RCE Gigavue
NVD
CVSS 3.1
6.2
EPSS
2.0%
CVE-2020-11817 CRITICAL POC Act Now

In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-12077 HIGH POC This Week

The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google File Upload WordPress RCE Mappress
NVD
CVSS 3.1
8.8
EPSS
5.6%
CVE-2020-7055 CRITICAL POC Act Now

An issue was discovered in Elementor 2.7.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Elementor Page Builder
NVD
CVSS 3.1
9.9
EPSS
3.1%
CVE-2020-11011 HIGH PATCH This Week

In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Phproject
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-10569 CRITICAL POC Act Now

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload On Premise
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-11815 CRITICAL POC Act Now

In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-11811 CRITICAL POC Act Now

In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Qdpm
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-9280 PHP HIGH PATCH This Week

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Silverstripe
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-0974 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
10.7%
CVE-2020-0971 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
13.2%
CVE-2020-0932 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
31.2%
CVE-2020-0931 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Business Productivity Servers Sharepoint Enterprise Server +2
NVD
CVSS 3.1
8.8
EPSS
10.7%
CVE-2020-0929 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
10.7%
CVE-2020-0920 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
10.4%
CVE-2020-2866 MEDIUM This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Oracle Applications Framework
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-10507 CRITICAL Act Now

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload The School Manage System
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-11722 CRITICAL PATCH Act Now

Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Dungeon Crawl Stone Soup
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-10621 CRITICAL Act Now

Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Webaccess Nms
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-11544 HIGH POC This Week

An issue was discovered in Project Worlds Official Car Rental System 1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Official Car Rental System
NVD
CVSS 3.1
7.2
EPSS
1.1%
EPSS 16% CVSS 7.2
HIGH POC THREAT This Week

Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Typesetter
NVD GitHub Exploit-DB
EPSS 3% CVSS 7.2
HIGH POC PATCH This Week

SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload RCE +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Webtareas
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD Exploit-DB
EPSS 2% CVSS 8.0
HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Vtenext
NVD Exploit-DB
EPSS 3% CVSS 7.2
HIGH POC This Week

Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pligg
NVD GitHub
EPSS 97% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload WordPress PHP +1
NVD GitHub Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Car Rental Project
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL Act Now

An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Online Bike Rental
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Businessobjects Business Intelligence Platform
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Concrete Cms
NVD
EPSS 36% CVSS 7.2
HIGH POC THREAT This Week

Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoho RCE +1
NVD Exploit-DB
EPSS 18% CVSS 7.2
HIGH POC THREAT Act Now

An arbitrary file upload issue exists in Mara CMS 7.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Maracms
NVD Exploit-DB
EPSS 13% CVSS 7.2
HIGH POC THREAT This Week

The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Autoptimize
NVD
EPSS 27% CVSS 8.8
HIGH POC PATCH THREAT This Week

Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub Exploit-DB
EPSS 3% CVSS 8.8
HIGH POC This Week

interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE House Rental And Property Listing Project
NVD GitHub
EPSS 3% CVSS 7.2
HIGH POC This Week

An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Online Bike Rental
NVD
EPSS 31% CVSS 7.5
HIGH POC THREAT This Week

In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gmapfp
NVD Exploit-DB
EPSS 11% CVSS 8.8
HIGH POC THREAT This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Qconvergeconsole
NVD
EPSS 95% CVSS 10.0
CRITICAL POC THREAT Emergency

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE +2
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Privilege Escalation Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous " External Programs by uploading the malicious .exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Pnotes Net
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cms Made Simple
NVD Exploit-DB
EPSS 1% CVSS 6.4
MEDIUM This Month

Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to upload malicious files to the DLP case management. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Data Loss Prevention
NVD
EPSS 1% CVSS 4.6
MEDIUM This Month

Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Data Loss Prevention
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Netweaver Knowledge Management
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google File Upload Mozilla +1
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

flatCore before 1.5.7 allows upload and execution of a .php file by an admin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Flatcore
NVD
EPSS 2% CVSS 8.8
HIGH This Week

OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Openclinic Ga
NVD
EPSS 3% CVSS 7.2
HIGH POC PATCH This Week

Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Concrete Cms
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mimevalidator Recipe
NVD
EPSS 2% CVSS 8.8
HIGH This Week

IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mail Server
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mail Server
NVD GitHub
EPSS 3% CVSS 8.8
HIGH This Week

A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Neprofile
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications Applications (component: File Upload). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Oracle Enterprise Session Border Controller
NVD
EPSS 1% CVSS 7.6
HIGH PATCH This Week

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Oracle +2
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Denial Of Service Bond
NVD
EPSS 7% CVSS 8.8
HIGH POC This Week

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Mods For Hesk
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Atlassian +4
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Kordil Edms
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Rails Debian Linux
NVD
EPSS 2% CVSS 7.5
HIGH This Week

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Factorytalk Linx Rslinx Classic
NVD
EPSS 2% CVSS 8.0
HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Navigatecms
NVD GitHub
EPSS 28% CVSS 7.2
HIGH POC THREAT This Week

Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pandora Fms
NVD
EPSS 28% CVSS 7.2
HIGH POC THREAT This Week

Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pandora Fms
NVD
EPSS 79% CVSS 9.8
CRITICAL POC THREAT Emergency

The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE +2
NVD
EPSS 3% CVSS 8.0
HIGH This Week

Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Zimbra Collaboration Suite
NVD
EPSS 3% CVSS 8.8
HIGH This Week

The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload RCE +3
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Monstra
NVD Exploit-DB
EPSS 4% CVSS 9.9
CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Microsoft Windows 10 +7
NVD
EPSS 15% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft +2
NVD
EPSS 10% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft +3
NVD
EPSS 10% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft +3
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Virtual Private Network Software Development Kit
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Microweber
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

File Upload PHP Newscoop
NVD GitHub
EPSS 53% CVSS 8.8
HIGH This Week

rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in Manolo GWTUpload 1.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Java Denial Of Service +1
NVD GitHub
EPSS 9% CVSS 9.9
CRITICAL Act Now

An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress RCE +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Movable Type
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload CSRF +1
NVD GitHub
EPSS 78% CVSS 8.8
HIGH POC THREAT Act Now

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 7.1
HIGH This Week

Om BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Big Ip Access Policy Manager Big Ip Advanced Firewall Manager +9
NVD
EPSS 24% CVSS 8.8
HIGH POC THREAT This Week

An issue was discovered in Open-AudIT 3.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Open Audit
NVD
EPSS 2% CVSS 6.2
MEDIUM This Month

An issue was discovered in Gigamon GigaVUE 5.5.01.11. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable. No vendor patch available.

File Upload RCE Gigavue
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rukovoditel
NVD
EPSS 6% CVSS 8.8
HIGH POC This Week

The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google File Upload WordPress +2
NVD
EPSS 3% CVSS 9.9
CRITICAL POC Act Now

An issue was discovered in Elementor 2.7.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Elementor Page Builder
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Phproject
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload On Premise
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rukovoditel
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Qdpm
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Silverstripe
NVD
EPSS 11% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft +2
NVD
EPSS 13% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft +3
NVD
EPSS 31% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft +3
NVD
EPSS 11% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft +4
NVD
EPSS 11% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft +3
NVD
EPSS 10% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Oracle Applications Framework
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload The School Manage System
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Dungeon Crawl Stone Soup
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Webaccess Nms
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

An issue was discovered in Project Worlds Official Car Rental System 1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Official Car Rental System
NVD
Prev Page 38 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy