Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2019-10478 HIGH POC This Week

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rbw 100 Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
1.9%
CVE-2019-10874 PHP HIGH POC PATCH This Week

Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE CSRF Bolt
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
4.5%
CVE-2019-3489 HIGH This Week

An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Content Manager
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-10652 HIGH POC This Week

An issue was discovered in flatCore 1.4.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Flatcore
NVD GitHub Exploit-DB
CVSS 3.0
7.2
EPSS
7.1%
CVE-2019-10647 CRITICAL POC Act Now

ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Zzzphp
NVD GitHub
CVSS 3.0
9.8
EPSS
6.6%
CVE-2019-10276 CRITICAL POC Act Now

Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Razor
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-10012 HIGH POC This Week

Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload Internet Campus Solution Moxiemanager
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-3495 HIGH POC This Week

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Unibox Firmware
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2019-9825 CRITICAL Act Now

FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Feifeicms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-9692 MEDIUM POC PATCH THREAT This Month

class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Cms Made Simple
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
45.9%
CVE-2019-9185 PHP HIGH POC PATCH This Week

Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Bolt
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-9623 CRITICAL POC Act Now

Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Microsoft RCE Feng Office
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
8.1%
CVE-2019-9617 HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-9613 HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
CVSS 3.0
7.2
EPSS
2.7%
CVE-2019-9612 HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-9609 HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-9608 HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-9581 HIGH POC PATCH THREAT This Week

phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Booked
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
13.5%
CVE-2019-9572 HIGH POC This Week

SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Schoolcms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.0%
CVE-2019-9181 HIGH POC This Week

SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Schoolcms
NVD
CVSS 3.0
7.2
EPSS
2.0%
CVE-2019-9050 HIGH POC This Week

An issue was discovered in Pluck 4.7.9-dev1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Pluck
NVD GitHub
CVSS 3.0
7.2
EPSS
2.0%
CVE-2019-9042 HIGH POC This Week

An issue was discovered in Sitemagic CMS v4.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Sitemagic Cms
NVD
CVSS 3.0
7.2
EPSS
2.0%
CVE-2019-8942 HIGH POC THREAT Act Now

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload WordPress RCE Debian Linux
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
82.7%
CVE-2019-8933 HIGH POC This Week

In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Dedecms
NVD
CVSS 3.0
8.8
EPSS
3.4%
CVE-2019-8433 HIGH POC This Week

JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Jtbc Php
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-8394 MEDIUM POC KEV THREAT This Month

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoho Manageengine Servicedesk Plus
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
64.1%
CVE-2019-8362 HIGH POC This Week

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Dedecms
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-0259 CRITICAL Act Now

SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Businessobjects
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-7721 HIGH POC This Week

lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Nc Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-7684 CRITICAL POC Act Now

inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Inxedu
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-6139 CRITICAL Act Now

Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE User Id
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-0018 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS File Upload Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2019-0017 HIGH This Week

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper File Upload Junos Space
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-5009 HIGH POC PATCH This Week

Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Vtiger Crm
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
9.9%
CVE-2018-5204 CRITICAL Act Now

ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Ml Report
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-15333 MEDIUM This Month

On versions 11.2.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

File Upload Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-7836 CRITICAL Act Now

An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Iiot Monitor
NVD
CVSS 3.0
9.8
EPSS
32.0%
CVE-2018-1000839 HIGH POC This Week

LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Librehealth Ehr
NVD GitHub
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-1000811 HIGH POC THREAT This Week

bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Bludit
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
47.6%
CVE-2018-19789 PHP MEDIUM PATCH This Month

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Symfony Debian Linux
NVD
CVSS 3.0
5.3
EPSS
3.6%
CVE-2018-6152 CRITICAL Act Now

The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google File Upload Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
9.6
EPSS
1.3%
CVE-2018-16097 MEDIUM PATCH This Month

LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Microsoft VMware Xclarity Integrator
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-16093 MEDIUM PATCH This Month

In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload VMware Xclarity Integrator
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-15537 HIGH This Week

Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Ocsinventory Ng
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2018-19692 CRITICAL POC Act Now

An issue was discovered in tp5cms through 2017-05-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Tp5Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-17936 CRITICAL POC THREAT Emergency

NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Nuuo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
15.3%
CVE-2018-19562 HIGH POC This Week

An issue was discovered in PHPok 4.9.015. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Phpok
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-19550 HIGH POC This Week

Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Email Marketer
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
6.0%
CVE-2018-19537 HIGH POC This Week

TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload TP-Link Archer C5 Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
6.0%
CVE-2018-19457 HIGH POC This Week

Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Faq Script
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
3.9%
CVE-2018-19424 HIGH This Week

ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Clippercms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.8%
CVE-2018-19423 HIGH POC THREAT This Week

Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Codiad
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
18.0%
CVE-2018-19422 PHP HIGH POC PATCH THREAT Act Now

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Subrion Cms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
64.3%
CVE-2018-19421 LOW POC Monitor

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Getsimple Cms
NVD GitHub
CVSS 3.0
3.8
EPSS
0.8%
CVE-2018-19420 LOW POC Monitor

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Getsimple Cms
NVD GitHub
CVSS 3.0
3.8
EPSS
0.8%
CVE-2018-18565 MEDIUM This Month

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00,. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Accu Chek Inform Ii Firmware Cobas H 232 Firmware Coaguchek Pro Ii Firmware Coaguchek Xs Plus Firmware +1
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-18563 CRITICAL Act Now

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00,. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Accu Chek Inform Ii Firmware Cobas H 232 Firmware Coaguchek Pro Ii Firmware +2
NVD
CVSS 3.0
9.6
EPSS
1.0%
CVE-2018-9209 PHP CRITICAL POC Act Now

Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Php Traditional Server
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-9207 npm CRITICAL POC PATCH Act Now

Arbitrary file upload in jQuery Upload File <= 4.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jquery Upload File
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2018-19355 CRITICAL POC Act Now

modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Prestashop Customer Files Upload
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2018-18793 CRITICAL POC Act Now

School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP School Event Management System
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
9.5%
CVE-2018-0686 HIGH This Week

Denbun by NEOJAPAN Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Debun Imap Debun Pop
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-19135 HIGH POC This Week

ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload CSRF Clippercms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
3.0%
CVE-2018-19126 CRITICAL POC PATCH THREAT Act Now

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload RCE Prestashop
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
22.5%
CVE-2018-9208 CRITICAL POC Act Now

Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jquery Picture Cut
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-18942 PHP HIGH POC PATCH This Week

In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Basercms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.4%
CVE-2018-1552 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-18888 CRITICAL POC Act Now

An issue was discovered in laravelCMS through 2018-04-02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Laravelcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-18874 CRITICAL POC Act Now

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Nc Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-18830 Maven CRITICAL Act Now

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java File Upload Mcms
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18771 HIGH This Week

An issue was discovered in LuLu CMS through 2015-05-14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Lulu Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-18752 CRITICAL POC Act Now

Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Webiness Inventory
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-18475 CRITICAL Act Now

Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho File Upload Manageengine Opmanager
NVD
CVSS 3.0
9.8
EPSS
22.1%
CVE-2018-18373 MEDIUM This Month

In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress XSS PHP Support Board Chat And Help Desk
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-3244 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle File Upload Application Object Library
NVD
CVSS 3.0
5.3
EPSS
1.9%
CVE-2018-3138 HIGH PATCH This Week

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass File Upload Application Object Library
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2018-18382 HIGH POC This Week

Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Advanced Hrm
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-18315 HIGH This Week

com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java File Upload Lemon
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-9206 npm CRITICAL POC PATCH THREAT Act Now

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Jquery File Upload
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
97.1%
CVE-2018-18086 HIGH POC This Week

EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Empirecms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-17442 HIGH POC PATCH THREAT This Week

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload D-Link PHP Central Wifimanager
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
14.2%
CVE-2018-17440 CRITICAL POC PATCH THREAT Act Now

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload D-Link PHP Central Wifimanager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
36.9%
CVE-2018-5402 HIGH This Week

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google File Upload Rp 210E Firmware Dcu 210E Firmware Marine Pro Observer
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-17849 MEDIUM POC This Month

Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS PHP Navigate Cms
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-17553 HIGH POC PATCH THREAT Act Now

An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload RCE Path Traversal PHP Navigate Cms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
79.0%
CVE-2018-9074 MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo File Upload Path Traversal Lenovoemc Firmware
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17573 CRITICAL POC Act Now

The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP Wp Insert
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-17055 HIGH POC This Week

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sitefinity
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-15961 CRITICAL POC KEV THREAT Emergency

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Adobe RCE Coldfusion
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2018-16821 MEDIUM POC This Month

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Seacms
NVD
CVSS 3.0
5.3
EPSS
1.0%
EPSS 2% CVSS 7.2
HIGH POC This Week

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rbw 100 Firmware
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC PATCH This Week

Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE CSRF +1
NVD GitHub Exploit-DB
EPSS 2% CVSS 7.5
HIGH This Week

An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Content Manager
NVD
EPSS 7% CVSS 7.2
HIGH POC This Week

An issue was discovered in flatCore 1.4.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Flatcore
NVD GitHub Exploit-DB
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Zzzphp
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Razor
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload Internet Campus Solution Moxiemanager
NVD
EPSS 5% CVSS 8.8
HIGH POC This Week

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Unibox Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Feifeicms
NVD GitHub
EPSS 46% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Cms Made Simple
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Bolt
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Microsoft +2
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
EPSS 3% CVSS 7.2
HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
EPSS 13% CVSS 8.8
HIGH POC PATCH THREAT This Week

phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Booked
NVD Exploit-DB
EPSS 2% CVSS 7.2
HIGH POC This Week

SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Schoolcms
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Schoolcms
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

An issue was discovered in Pluck 4.7.9-dev1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Pluck
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

An issue was discovered in Sitemagic CMS v4.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD
EPSS 83% CVSS 8.8
HIGH POC THREAT Act Now

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload WordPress +2
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH POC This Week

In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Dedecms
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Jtbc Php
NVD GitHub
EPSS 64% CVSS 6.5
MEDIUM POC KEV THREAT This Month

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoho Manageengine Servicedesk Plus
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC This Week

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Dedecms
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Businessobjects
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Nc Cms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Inxedu
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE User Id
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS File Upload +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper File Upload Junos Space
NVD
EPSS 10% CVSS 7.2
HIGH POC PATCH This Week

Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Vtiger Crm
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL Act Now

ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Ml Report
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

On versions 11.2.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

File Upload Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager +11
NVD
EPSS 32% CVSS 9.8
CRITICAL Act Now

An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Iiot Monitor
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 48% CVSS 8.8
HIGH POC THREAT This Week

bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Bludit
NVD GitHub Exploit-DB
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Symfony +1
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google File Upload Chrome +4
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Microsoft VMware +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload VMware Xclarity Integrator
NVD
EPSS 5% CVSS 8.8
HIGH This Week

Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Ocsinventory Ng
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in tp5cms through 2017-05-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Tp5Cms
NVD GitHub
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Emergency

NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Nuuo Cms
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue was discovered in PHPok 4.9.015. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 6% CVSS 8.8
HIGH POC This Week

Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Email Marketer
NVD Exploit-DB
EPSS 6% CVSS 7.2
HIGH POC This Week

TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload TP-Link Archer C5 Firmware
NVD GitHub
EPSS 4% CVSS 7.2
HIGH POC This Week

Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Faq Script
NVD Exploit-DB
EPSS 2% CVSS 7.2
HIGH This Week

ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Clippercms
NVD GitHub
EPSS 18% CVSS 7.2
HIGH POC THREAT This Week

Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Codiad
NVD GitHub Exploit-DB
EPSS 64% CVSS 7.2
HIGH POC PATCH THREAT Act Now

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Subrion Cms
NVD GitHub Exploit-DB
EPSS 1% CVSS 3.8
LOW POC Monitor

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Getsimple Cms
NVD GitHub
EPSS 1% CVSS 3.8
LOW POC Monitor

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Getsimple Cms
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00,. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Accu Chek Inform Ii Firmware Cobas H 232 Firmware +3
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00,. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Accu Chek Inform Ii Firmware +4
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Php Traditional Server
NVD
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Arbitrary file upload in jQuery Upload File <= 4.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jquery Upload File
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +2
NVD
EPSS 10% CVSS 9.8
CRITICAL POC Act Now

School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP School Event Management System
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

Denbun by NEOJAPAN Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Debun Imap Debun Pop
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload CSRF Clippercms
NVD GitHub Exploit-DB
EPSS 23% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload RCE Prestashop
NVD GitHub Exploit-DB
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jquery Picture Cut
NVD
EPSS 2% CVSS 7.2
HIGH POC PATCH This Week

In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Basercms
NVD GitHub
EPSS 3% CVSS 8.8
HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in laravelCMS through 2018-04-02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Laravelcms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Nc Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java File Upload Mcms
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in LuLu CMS through 2015-05-14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Lulu Cms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Webiness Inventory
NVD
EPSS 22% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho File Upload Manageengine Opmanager
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress XSS +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle File Upload Application Object Library
NVD
EPSS 2% CVSS 8.2
HIGH PATCH This Week

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass File Upload +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java File Upload Lemon
NVD GitHub
EPSS 97% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Jquery File Upload
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Empirecms
NVD GitHub
EPSS 14% CVSS 8.8
HIGH POC PATCH THREAT This Week

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload D-Link PHP +1
NVD Exploit-DB
EPSS 37% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload D-Link PHP +1
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google File Upload Rp 210E Firmware +2
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS PHP +1
NVD
EPSS 79% CVSS 8.8
HIGH POC PATCH THREAT Act Now

An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload RCE Path Traversal +2
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo File Upload Path Traversal +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sitefinity
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Adobe RCE +1
NVD Exploit-DB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Seacms
NVD
Prev Page 41 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy