Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2018-17139 HIGH POC This Week

UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Ultimatepos
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-16287 CRITICAL POC THREAT Act Now

LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Supersign Cms
NVD
CVSS 3.0
9.8
EPSS
19.6%
CVE-2018-16796 HIGH POC This Week

HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Grc Suite
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-16974 PHP CRITICAL POC PATCH Act Now

An issue was discovered in Elefant CMS before 2.0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload RCE PHP Elefant
NVD GitHub
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-16388 HIGH POC PATCH This Week

e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload PHP E107
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-16731 CRITICAL POC Act Now

CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Cscms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-0645 CRITICAL Act Now

MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE PHP Mtappjquery
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-1000659 HIGH PATCH This Week

LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

File Upload RCE Path Traversal Limesurvey
NVD GitHub
CVSS 3.0
8.8
EPSS
3.6%
CVE-2018-1000658 HIGH PATCH This Week

LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP Limesurvey
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-16397 MEDIUM This Month

In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Limesurvey
NVD GitHub
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-16373 MEDIUM POC This Month

Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Frog Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.1%
CVE-2018-16370 CRITICAL POC Act Now

In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pescms Team
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-16352 CRITICAL POC Act Now

There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Weaselcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-15882 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Joomla
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-3832 CRITICAL Act Now

An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Hub 2245 222 Firmware
NVD
CVSS 3.1
9.0
EPSS
1.7%
CVE-2018-1000646 HIGH POC This Week

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Librehealth Ehr
NVD GitHub
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-15573 HIGH POC This Week

An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Reprise License Manager
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2018-12256 HIGH PATCH This Week

admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP Litecart
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-15139 HIGH POC PATCH THREAT This Week

Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload PHP Openemr
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
19.3%
CVE-2018-14028 HIGH POC THREAT This Week

In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP
NVD GitHub
CVSS 3.0
7.2
EPSS
17.7%
CVE-2018-15137 CRITICAL POC THREAT Act Now

CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Clr M20 Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
18.2%
CVE-2018-14857 HIGH This Week

Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Ocs Inventory Server
NVD GitHub
CVSS 3.0
8.8
EPSS
3.7%
CVE-2018-14911 HIGH POC This Week

A file upload vulnerability exists in ukcms v1.1.7 and earlier. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Ukcms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-12468 HIGH This Week

A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Groupwise
NVD
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-12940 HIGH This Week

Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Seeddms
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-14570 HIGH POC This Week

A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP B2B2C Multi Business
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-14441 CRITICAL Act Now

An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Ssh Companywebsite
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-2934 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle File Upload E Business Suite
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2018-14334 CRITICAL POC Act Now

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Joyplus Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-13981 CRITICAL POC THREAT Act Now

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Zeta Producer Desktop Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
17.3%
CVE-2018-12980 HIGH POC THREAT This Week

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload 762 3000 Firmware 762 3001 Firmware 762 3002 Firmware 762 3003 Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
30.1%
CVE-2018-12979 MEDIUM POC This Month

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload 762 3000 Firmware 762 3001 Firmware 762 3002 Firmware 762 3003 Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
7.9%
CVE-2018-1000619 HIGH This Week

Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Ovidentia
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2018-11638 HIGH POC This Week

Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Powermedia Xms
NVD
CVSS 3.0
7.2
EPSS
4.1%
CVE-2018-12426 CRITICAL POC Act Now

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE PHP Live Chat
NVD GitHub
CVSS 3.0
9.8
EPSS
5.1%
CVE-2018-12528 HIGH POC This Week

An issue was discovered on Intex N150 devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload N150 Firmware
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
1.5%
CVE-2018-13038 CRITICAL POC Act Now

OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Opensid
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-13024 HIGH POC This Week

Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Metinfo
NVD
CVSS 3.0
7.2
EPSS
1.4%
CVE-2018-13021 HIGH POC This Week

An issue was discovered in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Hongcms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-1306 Maven HIGH POC PATCH THREAT This Week

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Apache Information Disclosure Pluto
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
43.9%
CVE-2018-12914 CRITICAL POC Act Now

A remote code execution issue was discovered in PublicCMS V4.0.20180210. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Path Traversal Publiccms
NVD GitHub
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-1000526 HIGH POC This Week

Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Openpsa
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-0571 PHP MEDIUM PATCH This Month

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Basercms
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-12519 HIGH POC This Week

An issue was discovered in ShopNx through 2017-11-17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Node.js Shopnx
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.9%
CVE-2018-11221 CRITICAL Act Now

Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Pandora Fms
NVD
CVSS 3.0
9.8
EPSS
5.0%
CVE-2018-12491 CRITICAL POC Act Now

PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Phpok
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-12263 HIGH This Week

portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Portfoliocms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-1453 HIGH PATCH This Week

IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM Security Identity Manager
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-12051 CRITICAL POC Act Now

Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Schools Alert Management Script
NVD GitHub
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-12045 CRITICAL POC Act Now

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Dedecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-3758 npm HIGH POC PATCH THREAT This Week

Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal Express Cart
NVD
CVSS 3.1
8.8
EPSS
27.5%
CVE-2018-1265 HIGH This Week

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cf Deployment Cloud Foundry Diego
NVD
CVSS 3.0
7.2
EPSS
1.8%
CVE-2018-11736 CRITICAL POC Act Now

An issue was discovered in Pluck before 4.7.7-dev2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pluck
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
8.6%
CVE-2018-11196 HIGH PATCH This Week

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Mahara
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-11392 HIGH This Week

An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Php Login User Management
NVD
CVSS 3.0
8.8
EPSS
4.6%
CVE-2018-11523 CRITICAL POC Act Now

upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Nvrmini 2 Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
9.9%
CVE-2018-11514 HIGH POC This Week

PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Naukri Clone Script
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-6411 CRITICAL POC Act Now

An issue was discovered in Appnitro MachForm before 4.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi File Upload Machform
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.9%
CVE-2018-10648 CRITICAL Act Now

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Citrix Xenmobile Server
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-11322 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

File Upload PHP Joomla
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-11345 HIGH POC This Week

An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal As6202T Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-11340 HIGH POC This Week

An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload As6202T Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-11331 CRITICAL PATCH Act Now

An issue was discovered in Pluck before 4.7.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP Pluck
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-4921 MEDIUM This Month

Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Adobe Information Disclosure Connect
NVD
CVSS 3.0
6.1
EPSS
4.2%
CVE-2018-10760 HIGH This Week

Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Projectpier
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-11098 HIGH POC This Week

An issue was discovered in Frog CMS 0.9.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Frog Cms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.4%
CVE-2018-11091 CRITICAL Act Now

An issue was discovered in MyBiz MyProcureNet 5.0.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Myprocurenet
NVD VulDB
CVSS 3.1
9.9
EPSS
1.7%
CVE-2018-0587 MEDIUM This Month

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress User Profile Membership
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-0568 HIGH This Week

Unrestricted file upload vulnerability in SiteBridge Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Joruri Gw
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-10942 CRITICAL POC THREAT Act Now

modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Attribute Wizard
NVD
CVSS 3.0
9.8
EPSS
12.7%
CVE-2018-2420 CRITICAL Act Now

SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Internet Graphics Server
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-10795 HIGH POC This Week

Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Liferay Portal
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-0258 CRITICAL Act Now

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Path Traversal Cisco Prime Data Center Network Manager Prime Infrastructure
NVD
CVSS 3.0
9.8
EPSS
49.4%
CVE-2018-10577 HIGH POC This Week

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Watchguard Ap200 Firmware Ap102 Firmware Ap100 Firmware +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
6.6%
CVE-2018-10521 LOW POC Monitor

In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Cms Made Simple
NVD GitHub
CVSS 3.0
2.7
EPSS
0.9%
CVE-2018-10469 CRITICAL POC Act Now

b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Symphony
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-10375 CRITICAL Act Now

A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Dedecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-10173 HIGH POC This Week

Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Management Console
NVD
CVSS 3.0
8.8
EPSS
5.4%
CVE-2018-9153 HIGH This Week

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload CSRF PHP Z Blogphp
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2018-9037 HIGH POC This Week

Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Monstra
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-2404 CRITICAL Act Now

SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Disclosure Management
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-9844 MEDIUM POC This Month

The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS Wordpress File Upload
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.8%
CVE-2018-9172 MEDIUM POC This Month

The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS Wordpress File Upload
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
3.2%
CVE-2018-9157 HIGH This Week

An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Apache RCE M1033 W Firmware
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2018-9156 HIGH POC This Week

An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

File Upload Apache RCE P1354 Firmware
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2018-8944 CRITICAL Act Now

PHPOK 4.8.338 has an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Phpok
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-1229 Maven MEDIUM This Month

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS File Upload Spring Batch Admin
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-8766 CRITICAL POC Act Now

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Joyplus Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-1000094 HIGH POC THREAT Act Now

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Cms Made Simple
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
40.5%
CVE-2018-1215 HIGH This Week

An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Dell Emc Solutions Enabler Virtual Appliance Emc Unisphere For Vmax Virtual Appliance Emc Vasa Virtual Appliance +1
NVD
CVSS 3.0
8.8
EPSS
4.4%
EPSS 3% CVSS 8.8
HIGH POC This Week

UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Ultimatepos
NVD Exploit-DB
EPSS 20% CVSS 9.8
CRITICAL POC THREAT Act Now

LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Supersign Cms
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Grc Suite
NVD
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in Elefant CMS before 2.0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload RCE PHP +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC PATCH This Week

e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload PHP E107
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Cscms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

File Upload RCE Path Traversal +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP +1
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM This Month

In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Limesurvey
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM POC This Month

Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Frog Cms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pescms Team
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Weaselcms
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Joomla
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Hub 2245 222 Firmware
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Librehealth Ehr
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Reprise License Manager
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP +1
NVD GitHub
EPSS 19% CVSS 8.8
HIGH POC PATCH THREAT This Week

Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload PHP Openemr
NVD GitHub Exploit-DB
EPSS 18% CVSS 7.2
HIGH POC THREAT This Week

In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP
NVD GitHub
EPSS 18% CVSS 9.8
CRITICAL POC THREAT Act Now

CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Clr M20 Firmware
NVD GitHub Exploit-DB
EPSS 4% CVSS 8.8
HIGH This Week

Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

A file upload vulnerability exists in ukcms v1.1.7 and earlier. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Ukcms
NVD GitHub
EPSS 2% CVSS 7.2
HIGH This Week

A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Groupwise
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Ssh Companywebsite
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle File Upload E Business Suite
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Joyplus Cms
NVD GitHub
EPSS 17% CVSS 9.8
CRITICAL POC THREAT Act Now

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD Exploit-DB
EPSS 30% CVSS 8.8
HIGH POC THREAT This Week

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload 762 3000 Firmware 762 3001 Firmware +2
NVD Exploit-DB
EPSS 8% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload 762 3000 Firmware 762 3001 Firmware +2
NVD Exploit-DB
EPSS 2% CVSS 8.8
HIGH This Week

Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 4% CVSS 7.2
HIGH POC This Week

Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Powermedia Xms
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE +2
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

An issue was discovered on Intex N150 devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload N150 Firmware
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Opensid
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Metinfo
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

An issue was discovered in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 44% CVSS 7.5
HIGH POC PATCH THREAT This Week

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Apache Information Disclosure +1
NVD Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

A remote code execution issue was discovered in PublicCMS V4.0.20180210. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Path Traversal +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Openpsa
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Basercms
NVD
EPSS 8% CVSS 8.8
HIGH POC This Week

An issue was discovered in ShopNx through 2017-11-17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Node.js Shopnx
NVD Exploit-DB
EPSS 5% CVSS 9.8
CRITICAL Act Now

Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Pandora Fms
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Phpok
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Portfoliocms
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM Security Identity Manager
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Dedecms
NVD GitHub
EPSS 27% CVSS 8.8
HIGH POC PATCH THREAT This Week

Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal Express Cart
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cf Deployment Cloud Foundry Diego
NVD
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Pluck before 4.7.7-dev2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pluck
NVD GitHub Exploit-DB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Mahara
NVD
EPSS 5% CVSS 8.8
HIGH This Week

An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 10% CVSS 9.8
CRITICAL POC Act Now

upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Nvrmini 2 Firmware
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Naukri Clone Script
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Appnitro MachForm before 4.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi File Upload Machform
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Citrix Xenmobile Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

File Upload PHP Joomla
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal As6202T Firmware
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload As6202T Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Pluck before 4.7.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP +1
NVD GitHub
EPSS 4% CVSS 6.1
MEDIUM This Month

Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Adobe Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Projectpier
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

An issue was discovered in Frog CMS 0.9.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Frog Cms
NVD GitHub
EPSS 2% CVSS 9.9
CRITICAL Act Now

An issue was discovered in MyBiz MyProcureNet 5.0.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Myprocurenet
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM This Month

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress User Profile Membership
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Unrestricted file upload vulnerability in SiteBridge Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Joruri Gw
NVD GitHub
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Act Now

modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Internet Graphics Server
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Liferay Portal
NVD
EPSS 49% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Path Traversal Cisco +2
NVD
EPSS 7% CVSS 8.8
HIGH POC This Week

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Watchguard Ap200 Firmware +3
NVD Exploit-DB
EPSS 1% CVSS 2.7
LOW POC Monitor

In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Cms Made Simple
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Symphony
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Dedecms
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC This Week

Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Management Console
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload CSRF PHP +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL Act Now

SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Disclosure Management
NVD
EPSS 4% CVSS 6.1
MEDIUM POC This Month

The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS +1
NVD Exploit-DB
EPSS 3% CVSS 5.4
MEDIUM POC This Month

The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS +1
NVD Exploit-DB
EPSS 3% CVSS 7.5
HIGH This Week

An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Apache RCE +1
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

File Upload Apache RCE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

PHPOK 4.8.338 has an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Phpok
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS File Upload +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 41% CVSS 7.2
HIGH POC THREAT Act Now

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Cms Made Simple
NVD Exploit-DB
EPSS 4% CVSS 8.8
HIGH This Week

An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Dell Emc Solutions Enabler Virtual Appliance +3
NVD
Prev Page 42 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy