Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2020-8639 HIGH POC PATCH THREAT This Week

An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload RCE PHP Testlink
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
15.9%
CVE-2020-11451 HIGH POC PATCH This Week

The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload SSRF Microstrategy Web
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2020-6008 CRITICAL Act Now

LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress RCE Lifterlms
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-10964 CRITICAL Act Now

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Microsoft PHP Serendipity
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-10963 PHP HIGH POC THREAT This Week

FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Laravel Administrator
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
14.7%
CVE-2020-10934 HIGH This Week

Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Acymailing
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2020-8866 MEDIUM POC This Month

This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Groupware Horde Form Debian Linux
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
9.6%
CVE-2020-8511 HIGH POC This Week

In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Pandora Fms
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2020-7935 HIGH POC This Week

Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Pandora Fms
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2020-10806 PHP CRITICAL PATCH Act Now

eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE PHP Ez Publish Kernel Ez Publish Legacy
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-10682 HIGH POC This Week

The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Cms Made Simple
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-9423 CRITICAL POC Act Now

LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Logicaldoc
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-9472 NuGet MEDIUM POC PATCH This Month

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Umbraco Cms
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-9471 NuGet HIGH POC This Week

Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Umbraco Cms
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-5844 HIGH POC THREAT This Week

index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pandora Fms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
30.3%
CVE-2020-10557 HIGH POC This Week

An issue was discovered in AContent through 1.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Acontent
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-10564 CRITICAL POC Act Now

An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE Path Traversal Wordpress File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
8.6%
CVE-2020-10562 HIGH PATCH This Week

An issue was discovered in DEVOME GRR before 3.4.1c. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Grr
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2020-10386 HIGH POC THREAT This Week

admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Phpkb
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
12.3%
CVE-2020-10225 CRITICAL POC Act Now

An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Job Portal
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.3%
CVE-2020-10224 CRITICAL POC Act Now

An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Book Store
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
5.5%
CVE-2020-9380 CRITICAL POC Act Now

IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Web Tv Player
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2020-10103 MEDIUM PATCH This Month

An XSS issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Zammad
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-8500 HIGH POC This Week

In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Pandora Fms
NVD
CVSS 3.1
7.2
EPSS
3.5%
CVE-2020-9447 Maven MEDIUM POC This Month

There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Gwtupload
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-7062 HIGH POC This Week

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Null Pointer Dereference Denial Of Service PHP Leap +2
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-1938 Maven CRITICAL POC KEV PATCH THREAT Act Now

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache File Upload RCE Tomcat Geode +19
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.3%
CVE-2020-5188 NuGet MEDIUM POC This Month

DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dotnetnuke
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-9320 MEDIUM This Month

Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft Anti Malware Sdk Antivirus Server Avira Antivirus For Endpoint +5
NVD
CVSS 3.1
5.5
EPSS
2.9%
CVE-2020-6975 MEDIUM This Month

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Connectport Lts 32 Mei Bios Connectport Lts 32 Mei Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2020-8440 CRITICAL POC Act Now

controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Simplejobscript
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-7998 HIGH This Week

An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Super File Explorer
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-6965 CRITICAL Act Now

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Apexpro Telemetry Server Firmware Carescape B450 Monitor Firmware Carescape B650 Monitor Firmware Carescape B850 Monitor Firmware +5
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2020-2730 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Oracle Revenue Management And Billing
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2666 MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

File Upload Oracle Applications Framework
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-2566 MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

File Upload Oracle Applications Framework
NVD
CVSS 3.1
4.7
EPSS
1.1%
CVE-2020-5509 HIGH POC This Week

PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Car Rental Portal
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
5.8%
CVE-2020-5846 HIGH POC This Week

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Cloud Backup Suite
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-5514 CRITICAL POC THREAT Act Now

Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gila Cms
NVD
CVSS 3.1
9.1
EPSS
44.1%
CVE-2019-20049 CRITICAL POC THREAT Act Now

An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal RCE Omnivista 4760
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
12.8%
CVE-2019-20048 HIGH POC PATCH This Week

An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload RCE Omnivista 8770
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
5.8%
CVE-2019-19925 HIGH PATCH This Week

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Sqlite Sinec Infrastructure Network Services Mysql Workbench Debian Linux +7
NVD GitHub
CVSS 3.1
7.5
EPSS
6.8%
CVE-2019-8293 CRITICAL POC PATCH Act Now

Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload RCE Upload Image With Ajax
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-19634 PHP CRITICAL POC Act Now

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Verot K2
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.2%
CVE-2019-19745 PHP HIGH PATCH This Week

Contao 4.0 through 4.8.5 allows PHP local file inclusion. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Contao
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-18313 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-18288 HIGH This Week

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Sppa T3000 Application Server
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2019-15936 CRITICAL POC Act Now

Intesync Solismed 3.3sp allows Insecure File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Solismed
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-19374 CRITICAL POC Act Now

An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal Information Disclosure Matrix
NVD
CVSS 3.1
9.1
EPSS
3.4%
CVE-2019-4612 HIGH This Week

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Planning Analytics
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-19684 HIGH POC This Week

nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation File Upload Nopcommerce
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-19595 CRITICAL POC Act Now

reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Adobe Stock Api Integration +1
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-19594 CRITICAL POC Act Now

reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Adobe Stock Api Integration +1
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-19589 CRITICAL POC Act Now

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Pdf Embedder
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-11216 MEDIUM POC This Month

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE File Upload Remedy Smart Reporting
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-19576 PHP CRITICAL POC PATCH THREAT Act Now

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.2%.

File Upload PHP Verot K2
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
26.2%
Threat
4.2
CVE-2019-4130 HIGH PATCH This Week

IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE Cloud Pak System
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-19020 HIGH POC This Week

An issue was discovered in TitanHQ WebTitan before 5.18. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Webtitan
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2019-19493 MEDIUM POC PATCH This Month

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Xperience
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.0%
CVE-2019-19468 HIGH POC This Week

Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Free Photo Viewer
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2019-17403 HIGH POC This Week

Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia File Upload RCE Impact
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-12409 Maven CRITICAL POC PATCH THREAT Act Now

The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Apache Solr
NVD GitHub
CVSS 3.1
9.8
EPSS
21.9%
CVE-2019-12311 MEDIUM POC This Month

Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Centraleyezer
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-12271 CRITICAL POC Act Now

Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Centraleyezer
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-19084 MEDIUM This Month

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Octopus Deploy
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-17058 CRITICAL Act Now

Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Tipping Software
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2019-14467 HIGH POC This Week

The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload WordPress RCE Social Photo Gallery
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2019-18952 CRITICAL POC THREAT Act Now

SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Xfilesharing
NVD GitHub
CVSS 3.1
9.8
EPSS
45.4%
CVE-2019-1443 MEDIUM PATCH This Month

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
6.5
EPSS
5.4%
CVE-2019-12719 CRITICAL POC Act Now

An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sunveillance Monitoring System Data Recorder
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-8140 PHP MEDIUM PATCH This Month

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

PHP File Upload Adobe Magento
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2019-8114 PHP HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2019-8093 PHP HIGH PATCH This Week

An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-17325 MEDIUM This Month

ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to upload arbitrary local file via the ActiveX method in RexViewerCtrl30.ocx. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Rexpert
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-18206 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload CSRF Infobusiness
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-18204 HIGH POC This Week

Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Infobusiness
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-14451 CRITICAL Act Now

RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Repetier Server
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-18417 HIGH POC This Week

Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Restaurant Management System
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-11021 HIGH This Week

admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload RCE Cms
NVD VulDB
CVSS 3.1
7.2
EPSS
2.2%
CVE-2019-16530 Maven HIGH PATCH This Week

Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Nexus Iq Server Nexus Repository Manager
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2019-16700 PHP CRITICAL PATCH Act Now

The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service File Upload RCE Slub Events
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-17536 MEDIUM POC This Month

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Gila Cms
NVD GitHub
CVSS 3.1
4.9
EPSS
2.3%
CVE-2019-17490 HIGH POC This Week

app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Jiangnan Online Judge
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-17352 Maven HIGH POC PATCH This Week

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jfinal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-14657 HIGH POC This Week

Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal RCE Vp59 Firmware T49G Firmware +1
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-14656 HIGH POC This Week

Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Vp59 Firmware T49G Firmware T58V Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-15751 CRITICAL Act Now

An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload RCE Sitos Six
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-15748 CRITICAL Act Now

SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Sitos Six
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-17188 HIGH POC This Week

An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Fecmall
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-11655 HIGH This Week

Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Arcsight Logger
NVD
CVSS 3.1
8.8
EPSS
1.5%
EPSS 16% CVSS 8.8
HIGH POC PATCH THREAT This Week

An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload RCE PHP +1
NVD GitHub Exploit-DB
EPSS 3% CVSS 7.2
HIGH POC PATCH This Week

The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload SSRF Microstrategy Web
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress RCE +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Microsoft +2
NVD GitHub
EPSS 15% CVSS 7.2
HIGH POC THREAT This Week

FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD Exploit-DB
EPSS 1% CVSS 7.2
HIGH This Week

Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Acymailing
NVD
EPSS 10% CVSS 6.5
MEDIUM POC This Month

This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Groupware +2
NVD Exploit-DB
EPSS 3% CVSS 7.2
HIGH POC This Week

In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 3% CVSS 7.2
HIGH POC This Week

Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE PHP +2
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Logicaldoc
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Umbraco Cms
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Umbraco Cms
NVD
EPSS 30% CVSS 7.2
HIGH POC THREAT This Week

index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pandora Fms
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in AContent through 1.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Acontent
NVD GitHub
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE +2
NVD GitHub
EPSS 1% CVSS 7.2
HIGH PATCH This Week

An issue was discovered in DEVOME GRR before 3.4.1c. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Grr
NVD GitHub
EPSS 12% CVSS 7.2
HIGH POC THREAT This Week

admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Job Portal
NVD Exploit-DB
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Book Store
NVD Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Web Tv Player
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

An XSS issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Zammad
NVD
EPSS 4% CVSS 7.2
HIGH POC This Week

In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Gwtupload
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Null Pointer Dereference Denial Of Service +4
NVD
EPSS 99% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache File Upload RCE +21
NVD Exploit-DB
EPSS 2% CVSS 6.5
MEDIUM POC This Month

DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dotnetnuke
NVD GitHub
EPSS 3% CVSS 5.5
MEDIUM This Month

Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft Anti Malware Sdk +7
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Connectport Lts 32 Mei Bios Connectport Lts 32 Mei Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Super File Explorer
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL Act Now

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Apexpro Telemetry Server Firmware Carescape B450 Monitor Firmware +7
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Oracle Revenue Management And Billing
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

File Upload Oracle Applications Framework
NVD
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

File Upload Oracle Applications Framework
NVD
EPSS 6% CVSS 7.2
HIGH POC This Week

PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Car Rental Portal
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Cloud Backup Suite
NVD
EPSS 44% CVSS 9.1
CRITICAL POC THREAT Act Now

Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gila Cms
NVD
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal RCE +1
NVD Exploit-DB
EPSS 6% CVSS 7.2
HIGH POC PATCH This Week

An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload RCE +1
NVD Exploit-DB
EPSS 7% CVSS 7.5
HIGH PATCH This Week

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Sqlite Sinec Infrastructure Network Services +9
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload RCE Upload Image With Ajax
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Verot +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Contao 4.0 through 4.8.5 allows PHP local file inclusion. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Contao
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Sppa T3000 Ms3000 Migration Server
NVD
EPSS 4% CVSS 8.8
HIGH This Week

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Sppa T3000 Application Server
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Intesync Solismed 3.3sp allows Insecure File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Solismed
NVD
EPSS 3% CVSS 9.1
CRITICAL POC Act Now

An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Planning Analytics
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation File Upload Nopcommerce
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +3
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +3
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Pdf Embedder
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE File Upload Remedy Smart Reporting
NVD
EPSS 26% 4.2 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.2%.

File Upload PHP Verot +1
NVD GitHub Exploit-DB VulDB
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE +1
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

An issue was discovered in TitanHQ WebTitan before 5.18. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD
EPSS 2% CVSS 5.4
MEDIUM POC PATCH This Month

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Xperience
NVD Exploit-DB
EPSS 2% CVSS 7.8
HIGH POC This Week

Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Free Photo Viewer
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia File Upload RCE +1
NVD
EPSS 22% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Apache Solr
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Centraleyezer
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Centraleyezer
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Octopus Deploy
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL Act Now

Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Tipping Software
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload WordPress +2
NVD
EPSS 45% CVSS 9.8
CRITICAL POC THREAT Act Now

SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Xfilesharing
NVD GitHub
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Microsoft Information Disclosure +3
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sunveillance Monitoring System Data Recorder
NVD Exploit-DB
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

PHP File Upload Adobe +1
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Adobe +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Adobe Magento
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to upload arbitrary local file via the ActiveX method in RexViewerCtrl30.ocx. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Rexpert
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload CSRF Infobusiness
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Repetier Server
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload RCE +1
NVD VulDB
EPSS 3% CVSS 7.2
HIGH PATCH This Week

Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Nexus Iq Server +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service File Upload RCE +1
NVD
EPSS 2% CVSS 4.9
MEDIUM POC This Month

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Gila Cms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Jiangnan Online Judge
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jfinal
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal RCE +3
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Vp59 Firmware T49G Firmware +1
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload RCE +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Sitos Six
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Fecmall
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Arcsight Logger
NVD
Prev Page 39 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy