Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2019-15766 HIGH POC This Week

The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google File Upload RCE PHP Ksweb
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-17046 HIGH POC This Week

Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Ilch Cms
NVD
CVSS 3.1
7.2
EPSS
4.4%
CVE-2019-15862 HIGH This Week

An issue was discovered in CKFinder through 2.6.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Ckfinder
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-16720 HIGH POC This Week

ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Zzzphp
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-14916 MEDIUM POC This Month

An issue was discovered in PRiSE adAS 1.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Adas
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-14252 HIGH POC This Week

An issue was discovered in the secure portal in Publisure 2.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Publisure
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2019-15843 HIGH This Week

A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Xiaomi Millet Firmware
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2019-6839 HIGH This Week

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 -. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Meg6501 0001 Firmware Meg6501 0002 Firmware Meg6260 0410 Firmware Meg6260 0415 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-15131 CRITICAL Act Now

In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Code42
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-8371 HIGH POC This Week

OpenEMR v5.0.1-6 allows code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Openemr
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2019-16318 PHP HIGH PATCH This Week

In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

PHP File Upload Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-16192 CRITICAL POC Act Now

upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Doccms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-16131 HIGH POC This Week

framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Oklite
NVD
CVSS 3.1
8.8
EPSS
6.5%
CVE-2019-13187 CRITICAL POC Act Now

The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Rich Text Formatter
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13976 CRITICAL Act Now

eGain Chat 15.0.3 allows unrestricted file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Chat
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-15813 HIGH POC THREAT This Week

Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Sentrifugo
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
33.2%
CVE-2019-15866 HIGH POC This Week

The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload WordPress Crelly Slider
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2019-15649 HIGH This Week

The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress Insert Or Embed Articulate Content
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-15524 CRITICAL Act Now

CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload RCE Csz Cms
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2019-11031 CRITICAL Act Now

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mirasys Vms
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-12889 HIGH POC This Week

An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation File Upload Microsoft Desktop Password Reset
NVD GitHub
CVSS 3.0
7.0
EPSS
0.6%
CVE-2019-15091 CRITICAL Act Now

filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Integria Ims
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-14755 HIGH This Week

The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Leaf Admin
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-0340 MEDIUM This Month

The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE File Upload SAP Enable Now
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-5395 HIGH This Week

A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload 3Par Service Processor Firmware
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2019-14521 HIGH POC PATCH This Week

The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Path Traversal Energy Logserver
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-7930 PHP HIGH PATCH This Week

A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Adobe Magento
NVD
CVSS 3.0
7.2
EPSS
2.4%
CVE-2019-7912 PHP HIGH PATCH This Week

A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Adobe Magento
NVD
CVSS 3.0
7.2
EPSS
1.6%
CVE-2019-7861 PHP HIGH PATCH This Week

Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Adobe Magento
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-3960 HIGH POC This Week

Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Wallacepos
NVD
CVSS 3.0
7.2
EPSS
3.0%
CVE-2019-10267 HIGH POC THREAT Act Now

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Cloud Backup Suite
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
75.2%
CVE-2019-2761 LOW PATCH Monitor

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

File Upload Oracle Application Object Library
NVD
CVSS 3.0
3.7
EPSS
1.1%
CVE-2019-1010209 HIGH POC PATCH This Week

GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload WordPress Gourl
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-1010123 HIGH POC This Week

MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Modx Revolution
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-12326 CRITICAL POC Act Now

Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Sp R50P Firmware
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-13984 HIGH POC This Week

Directus 7 API before 2.3.0 does not validate uploaded files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Directus 7 Api
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-13980 HIGH POC This Week

In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Nginx Apache RCE +1
NVD GitHub
CVSS 3.0
8.8
EPSS
2.5%
CVE-2019-13979 HIGH POC This Week

In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Directus 7 Api
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-13973 CRITICAL POC Act Now

LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Layerbb
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13359 HIGH POC THREAT This Week

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload Webpanel
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
25.8%
CVE-2019-1010062 CRITICAL PATCH Act Now

PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

PHP File Upload Pluckcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-10935 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Simatic Pcs 7 Simatic Wincc Simatic Wincc Runtime
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-12803 CRITICAL Act Now

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload I Onenet
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-0327 HIGH This Week

SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java File Upload SAP Netweaver Application Server Java
NVD
CVSS 3.0
7.2
EPSS
2.1%
CVE-2019-13464 HIGH POC This Week

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Owasp Modsecurity Core Rule Set
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-12971 CRITICAL POC Act Now

BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bks Ebk Ethernet Buskoppler Pro Firmware
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-7257 CRITICAL POC THREAT Act Now

Linear eMerge E3-Series devices allow Unrestricted File Upload. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
70.0%
CVE-2019-7268 CRITICAL POC Act Now

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Linear Emerge 50P Firmware Linear Emerge 5000P Firmware
NVD
CVSS 3.1
10.0
EPSS
6.5%
CVE-2019-4292 HIGH PATCH This Week

IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE Security Guardium
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-7274 CRITICAL POC THREAT Act Now

Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Enterprise Proton
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
29.0%
CVE-2019-7669 HIGH POC THREAT This Week

Prima Systems FlexAir, Versions 2.3.38 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flexair
NVD
CVSS 3.1
8.8
EPSS
31.4%
CVE-2019-13082 CRITICAL POC Act Now

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Chamilo Lms
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2019-12744 HIGH POC THREAT This Week

SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP File Upload Seeddms
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
11.7%
CVE-2019-9842 HIGH POC This Week

madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Miniblog
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2019-10959 CRITICAL Act Now

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Alaris Gateway Workstation Firmware Alaris Gs Syringe Pump Firmware Alaris Gh Syringe Pump Firmware Alaris Cc Syringe Pump Firmware +1
NVD
CVSS 3.0
10.0
EPSS
2.5%
CVE-2019-7838 CRITICAL Act Now

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Coldfusion
NVD
CVSS 3.0
9.8
EPSS
17.4%
CVE-2019-4069 HIGH This Week

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Intelligent Operations Center Intelligent Operations Center For Emergency Management Water Operations For Waternamics
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-4056 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM Control Desk Maximo Asset Management Maximo For Aviation +7
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-9189 HIGH POC THREAT This Week

Prima Systems FlexAir, Versions 2.4.9api3 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Python RCE Flexair
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
11.6%
CVE-2019-5357 HIGH This Week

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Intelligent Management Center
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2019-12548 HIGH PATCH This Week

Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

PHP File Upload RCE Bludit
NVD GitHub
CVSS 3.0
8.8
EPSS
3.0%
CVE-2019-11185 CRITICAL POC Act Now

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Live Chat
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2019-12377 CRITICAL POC Act Now

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti File Upload RCE Landesk Management Suite
NVD
CVSS 3.0
9.8
EPSS
5.5%
CVE-2019-12169 HIGH POC THREAT Act Now

ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Path Traversal RCE Atutor
NVD GitHub
CVSS 3.1
8.8
EPSS
73.3%
CVE-2019-10047 PyPI MEDIUM POC This Month

A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by levering the file upload and file preview features of the application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Pydio
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-7816 CRITICAL Act Now

ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Coldfusion
NVD
CVSS 3.0
9.8
EPSS
67.1%
CVE-2019-12150 CRITICAL POC Act Now

Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ultimateeditor
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-6513 MEDIUM This Month

An issue was discovered in WSO2 API Manager 2.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Api Manager
NVD
CVSS 3.0
5.4
EPSS
1.4%
CVE-2019-12185 HIGH POC THREAT This Week

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Elabftw
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
18.1%
CVE-2019-12170 HIGH POC This Week

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Atutor
NVD GitHub
CVSS 3.0
8.8
EPSS
8.7%
CVE-2019-11887 CRITICAL Act Now

SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Simplybook
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-12099 HIGH POC PATCH THREAT This Week

In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload RCE Php Fusion
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
17.5%
CVE-2019-8404 MEDIUM POC This Month

An issue was discovered in Webiness Inventory 2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Webiness Inventory
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
8.0%
CVE-2019-10869 HIGH POC THREAT This Week

Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP File Upload Path Traversal WordPress Ninja Forms File Uploads
NVD
CVSS 3.1
8.1
EPSS
13.0%
CVE-2019-11807 HIGH POC This Week

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload WordPress Woocommerce Checkout Manager
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-11615 HIGH POC This Week

/fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Doorgets Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-11568 HIGH POC This Week

An issue was discovered in AikCms v2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Aikcms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2019-8992 HIGH This Week

The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Activematrix Bpm Activematrix Policy Director Activematrix Service Bus +2
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-9951 CRITICAL Act Now

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload My Cloud Mirror Gen 2 Firmware My Cloud Ex2 Ultra Firmware My Cloud Ex2100 Firmware +6
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-2682 HIGH PATCH This Week

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass File Upload Oracle Applications Framework
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2019-11447 HIGH POC THREAT This Week

An issue was discovered in CutePHP CuteNews 2.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Cutenews
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
52.9%
CVE-2019-11446 HIGH POC This Week

An issue was discovered in ATutor through 2.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Atutor
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.9%
CVE-2019-11445 HIGH POC THREAT This Week

OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Openkm
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
14.5%
CVE-2019-11401 NuGet HIGH POC PATCH This Week

A issue was discovered in SiteServer CMS 6.9.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Siteserver Cms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.9%
CVE-2019-11377 HIGH POC This Week

wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wcms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-11344 CRITICAL POC Act Now

data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Pluck
NVD GitHub
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-11223 CRITICAL POC Act Now

An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE Supportcandy
NVD
CVSS 3.0
9.8
EPSS
8.8%
CVE-2019-4013 CRITICAL POC THREAT Act Now

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload IBM RCE Bigfix Platform
NVD Exploit-DB
CVSS 3.0
9.9
EPSS
14.1%
CVE-2019-3940 CRITICAL Act Now

Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Webaccess
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2019-11028 HIGH This Week

GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Web Module
NVD VulDB
CVSS 3.0
8.8
EPSS
2.8%
EPSS 3% CVSS 8.8
HIGH POC This Week

The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google File Upload RCE +2
NVD
EPSS 4% CVSS 7.2
HIGH POC This Week

Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in CKFinder through 2.6.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Ckfinder
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Zzzphp
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in PRiSE adAS 1.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Adas
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

An issue was discovered in the secure portal in Publisure 2.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Publisure
NVD GitHub
EPSS 1% CVSS 7.4
HIGH This Week

A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Xiaomi Millet Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 -. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Meg6501 0001 Firmware Meg6501 0002 Firmware +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Code42
NVD
EPSS 3% CVSS 7.2
HIGH POC This Week

OpenEMR v5.0.1-6 allows code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Openemr
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

PHP File Upload Pimcore
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Doccms
NVD GitHub
EPSS 7% CVSS 8.8
HIGH POC This Week

framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Oklite
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Rich Text Formatter
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

eGain Chat 15.0.3 allows unrestricted file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Chat
NVD
EPSS 33% CVSS 8.8
HIGH POC THREAT This Week

Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Sentrifugo
NVD Exploit-DB
EPSS 2% CVSS 8.8
HIGH POC This Week

The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload WordPress +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress Insert Or Embed Articulate Content
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload RCE +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mirasys Vms
NVD
EPSS 1% CVSS 7.0
HIGH POC This Week

An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation File Upload Microsoft +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Integria Ims
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Leaf Admin
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE File Upload SAP +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload 3Par Service Processor Firmware
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Path Traversal Energy Logserver
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Adobe +1
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Adobe Magento
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Adobe Magento
NVD
EPSS 3% CVSS 7.2
HIGH POC This Week

Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD
EPSS 75% CVSS 8.8
HIGH POC THREAT Act Now

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Cloud Backup Suite
NVD Exploit-DB
EPSS 1% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

File Upload Oracle Application Object Library
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload WordPress +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Modx Revolution
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Sp R50P Firmware
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Directus 7 API before 2.3.0 does not validate uploaded files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Directus 7 Api
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Nginx +3
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Layerbb
NVD
EPSS 26% CVSS 7.5
HIGH POC THREAT This Week

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload Webpanel
NVD GitHub Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

PHP File Upload Pluckcms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH PATCH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Simatic Pcs 7 Simatic Wincc +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload I Onenet
NVD
EPSS 2% CVSS 7.2
HIGH This Week

SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java File Upload SAP +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Owasp Modsecurity Core Rule Set
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bks Ebk Ethernet Buskoppler Pro Firmware
NVD
EPSS 70% CVSS 10.0
CRITICAL POC THREAT Act Now

Linear eMerge E3-Series devices allow Unrestricted File Upload. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD Exploit-DB
EPSS 6% CVSS 10.0
CRITICAL POC Act Now

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Linear Emerge 50P Firmware Linear Emerge 5000P Firmware
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE +1
NVD
EPSS 29% CVSS 9.8
CRITICAL POC THREAT Act Now

Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Enterprise +1
NVD Exploit-DB
EPSS 31% CVSS 8.8
HIGH POC THREAT This Week

Prima Systems FlexAir, Versions 2.3.38 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flexair
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD
EPSS 12% CVSS 7.5
HIGH POC THREAT This Week

SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP File Upload Seeddms
NVD Exploit-DB
EPSS 2% CVSS 7.2
HIGH POC This Week

madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Miniblog
NVD GitHub
EPSS 3% CVSS 10.0
CRITICAL Act Now

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Alaris Gateway Workstation Firmware Alaris Gs Syringe Pump Firmware +3
NVD
EPSS 17% CVSS 9.8
CRITICAL Act Now

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Coldfusion
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Intelligent Operations Center +2
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM Control Desk +9
NVD
EPSS 12% CVSS 8.8
HIGH POC THREAT This Week

Prima Systems FlexAir, Versions 2.4.9api3 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Python RCE +1
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH This Week

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Intelligent Management Center
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

PHP File Upload RCE +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Live Chat
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti File Upload RCE +1
NVD
EPSS 73% CVSS 8.8
HIGH POC THREAT Act Now

ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Path Traversal +2
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by levering the file upload and file preview features of the application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Pydio
NVD
EPSS 67% CVSS 9.8
CRITICAL Act Now

ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Coldfusion
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ultimateeditor
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

An issue was discovered in WSO2 API Manager 2.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Api Manager
NVD
EPSS 18% CVSS 8.8
HIGH POC THREAT This Week

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Elabftw
NVD GitHub Exploit-DB
EPSS 9% CVSS 8.8
HIGH POC This Week

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Atutor
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Simplybook
NVD
EPSS 18% CVSS 8.8
HIGH POC PATCH THREAT This Week

In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload RCE +1
NVD GitHub Exploit-DB
EPSS 8% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in Webiness Inventory 2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Webiness Inventory
NVD Exploit-DB
EPSS 13% CVSS 8.1
HIGH POC THREAT This Week

Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP File Upload Path Traversal +2
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload WordPress +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

/fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Doorgets Cms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in AikCms v2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Aikcms
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Activematrix Bpm +4
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload My Cloud Mirror Gen 2 Firmware +8
NVD GitHub
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass File Upload Oracle +1
NVD
EPSS 53% CVSS 8.8
HIGH POC THREAT This Week

An issue was discovered in CutePHP CuteNews 2.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD Exploit-DB
EPSS 8% CVSS 8.8
HIGH POC This Week

An issue was discovered in ATutor through 2.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Atutor
NVD Exploit-DB
EPSS 14% CVSS 7.2
HIGH POC THREAT This Week

OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Openkm
NVD Exploit-DB
EPSS 3% CVSS 7.2
HIGH POC PATCH This Week

A issue was discovered in SiteServer CMS 6.9.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Siteserver Cms
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wcms
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD GitHub
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE +1
NVD
EPSS 14% CVSS 9.9
CRITICAL POC THREAT Act Now

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload IBM RCE +1
NVD Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL Act Now

Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Webaccess
NVD
EPSS 3% CVSS 8.8
HIGH This Week

GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Web Module
NVD VulDB
Prev Page 40 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy