Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2014-10021 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.5%.

RCE WordPress PHP File Upload Wp Symposium
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
78.5%
Threat
5.4
CVE-2014-9580 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS File Upload Projectsend
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.8%
CVE-2014-9473 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 39.4%.

RCE WordPress PHP File Upload Cformsii
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
39.4%
Threat
4.2
CVE-2014-9567 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.9%.

RCE PHP Code Injection File Upload Projectsend
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
82.9%
Threat
5.5
CVE-2014-9521 HIGH This Week

Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection File Upload Infinitewp
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2014-8085 MEDIUM This Month

Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

PHP File Upload Osclass
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2014-1905 CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.0%.

Command Injection WordPress PHP File Upload Videowhisper Live Streaming Integration
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
18.0%
Threat
4.0
CVE-2013-6227 HIGH POC PATCH THREAT Act Now

Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%.

Zoho RCE PHP File Upload Ajaxplorer +1
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
19.4%
CVE-2014-7260 HIGH This Week

The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection File Upload I Httpd
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-9134 CRITICAL Act Now

Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Huawei File Upload Honor Cube Wireless Router Ws860S Firewall Honor Cube Wireless Router Ws860S
NVD
CVSS 2.0
10.0
EPSS
3.8%
CVE-2014-7835 PHP LOW PATCH Monitor

webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP File Upload Moodle
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2014-8997 HIGH POC This Week

Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection File Upload Digi Online Examination System
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
7.0%
CVE-2014-8770 PHP CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.

RCE Code Injection File Upload PHP Adobe +1
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
13.2%
CVE-2014-3863 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the JChatSocial component before 2.3 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS File Upload Jchatsocial
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2278 MEDIUM This Month

Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP File Upload Seeddms
NVD
CVSS 2.0
5.1
EPSS
2.4%
CVE-2014-5298 MEDIUM This Month

FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation File Upload X2Engine
NVD GitHub
CVSS 2.0
5.0
EPSS
1.2%
CVE-2014-6298 HIGH PATCH This Week

Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection File Upload Mm Forum
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-3947 PHP HIGH PATCH This Week

Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection File Upload Powermail
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-5324 MEDIUM This Month

Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Code Injection File Upload PHP RCE +1
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-4444 Maven MEDIUM PATCH This Month

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Tomcat Code Injection File Upload RCE Apache
NVD
CVSS 2.0
6.8
EPSS
9.5%
CVE-2014-5460 MEDIUM POC PATCH THREAT This Month

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.7%.

RCE WordPress PHP File Upload Tibulant Slideshow Gallery
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
64.7%
Threat
4.7
CVE-2014-2223 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

RCE PHP Code Injection File Upload Plogger
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
10.4%
CVE-2014-0481 PyPI MEDIUM PATCH This Month

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Python File Upload Opensuse Django +1
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2014-5454 MEDIUM This Month

Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE File Upload Visual Analytics
NVD
CVSS 2.0
6.0
EPSS
1.4%
CVE-2014-5199 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress File Upload Wordpress File Upload
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0607 CRITICAL Act Now

Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Verastream Process Designer
NVD
CVSS 2.0
10.0
EPSS
6.8%
CVE-2013-5353 MEDIUM This Month

Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP File Upload Sharetronix
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2013-4250 PHP MEDIUM PATCH This Month

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP File Upload Typo3
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-2042 HIGH This Week

Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Timeline
NVD VulDB
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-2867 CRITICAL Act Now

Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Commonspot Content Server
NVD VulDB
CVSS 2.0
10.0
EPSS
4.1%
CVE-2014-0342 HIGH This Week

Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Pivotx
NVD VulDB
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-2088 MEDIUM POC This Month

Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ilias
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
3.6%
CVE-2013-6722 MEDIUM This Month

Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service File Upload IBM Websphere Portal
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-6332 HIGH This Week

Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 through 5.0.0 allows remote authenticated users to execute arbitrary code by uploading a .jsp file and then launching it. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE File Upload IBM Algo One
NVD
CVSS 2.0
8.5
EPSS
2.6%
CVE-2014-1610 MEDIUM POC THREAT This Month

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 48.0%.

PHP File Upload Mediawiki
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
48.0%
Threat
4.1
CVE-2013-4898 MEDIUM POC This Month

Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Timeline
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
8.8%
CVE-2013-7274 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload XSS Wallpaperscript
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.6%
CVE-2013-7102 MEDIUM POC THREAT This Month

Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 63.3%.

WordPress PHP File Upload RCE Optimizepress
NVD
CVSS 2.0
6.8
EPSS
63.3%
Threat
4.8
CVE-2013-6820 CRITICAL Act Now

Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP File Upload RCE Netweaver Development Infrastructure
NVD
CVSS 2.0
9.3
EPSS
3.8%
CVE-2013-2114 MEDIUM PATCH This Month

Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

File Upload RCE Mediawiki
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-4465 MEDIUM This Month

Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

File Upload RCE Simple Machines Forum
NVD GitHub
CVSS 2.0
4.6
EPSS
1.1%
CVE-2013-2580 HIGH POC This Week

Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload TP-Link Tl Sc3130 Tl Sc3130G Tl Sc3171 +2
NVD Exploit-DB
CVSS 2.0
7.1
EPSS
7.8%
CVE-2013-5963 MEDIUM POC This Month

Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP File Upload RCE Simple Dropbox Upload Form
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2013-5962 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.6%.

WordPress PHP File Upload RCE Complete Gallery Manager Plugin
NVD Exploit-DB
CVSS 2.0
5.1
EPSS
26.6%
CVE-2013-5961 MEDIUM POC This Month

Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Lazy Seo
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
7.0%
CVE-2013-4049 HIGH This Week

Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE File Upload IBM Spss Analytical Decision Management
NVD
CVSS 2.0
8.5
EPSS
2.6%
CVE-2013-3590 MEDIUM This Month

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

File Upload RCE Searchblox
NVD
CVSS 2.0
6.8
EPSS
3.8%
CVE-2013-4949 MEDIUM POC This Month

Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP File Upload Machform
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
8.9%
CVE-2013-0206 MEDIUM PATCH This Month

Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

File Upload RCE Live Css
NVD
CVSS 2.0
6.0
EPSS
1.5%
CVE-2012-6509 HIGH POC This Week

Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Car Portal
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
4.9%
CVE-2012-6498 MEDIUM POC This Month

Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP File Upload RCE Atomymaxsite
NVD
CVSS 2.0
6.8
EPSS
2.5%
CVE-2012-6081 PyPI MEDIUM POC PATCH THREAT This Month

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 73.6%.

File Upload RCE Moinmoin
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
73.6%
Threat
4.9
CVE-2012-5653 MEDIUM POC PATCH This Month

The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

PHP File Upload Drupal Debian Linux
NVD
CVSS 2.0
6.0
EPSS
0.6%
CVE-2012-4472 MEDIUM POC PATCH This Month

Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available.

PHP File Upload Drag Drop Gallery
NVD
CVSS 2.0
5.1
EPSS
0.7%
CVE-2012-4944 CRITICAL Act Now

Multiple unrestricted file upload vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary code by uploading a file via an unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Fleetcommander Fleetcommander Kiosk
NVD
CVSS 2.0
10.0
EPSS
5.7%
CVE-2012-5893 MEDIUM POC This Month

Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP File Upload RCE Cms
NVD
CVSS 2.0
6.8
EPSS
2.2%
CVE-2012-5318 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.0%.

WordPress PHP File Upload RCE Kish Guest Posting Plugin
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
11.0%
CVE-2012-1125 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 37.9%.

WordPress PHP File Upload RCE Kish Guest Posting Plugin
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
37.9%
Threat
4.0
CVE-2012-1153 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 80.7%.

PHP File Upload RCE Apprain
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
80.7%
Threat
5.3
CVE-2012-4036 MEDIUM POC This Month

Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP File Upload Pbboard
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
6.7%
CVE-2012-4269 MEDIUM POC This Month

Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload RCE Efront
NVD
CVSS 2.0
6.0
EPSS
1.6%
CVE-2012-3387 PHP MEDIUM PATCH This Month

Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation File Upload Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2012-3811 CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.0%.

Microsoft File Upload RCE Ip Office Customer Call Reporter
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
79.0%
Threat
5.9
CVE-2012-3814 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%.

WordPress Privilege Escalation PHP File Upload Font Uploader
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
10.7%
CVE-2012-3578 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 19.0%.

Privilege Escalation WordPress File Upload PHP RCE +1
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
19.0%
CVE-2012-3577 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 27.1%.

Privilege Escalation WordPress File Upload PHP RCE +1
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
27.1%
CVE-2012-3576 CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 39.3%.

Privilege Escalation WordPress File Upload PHP RCE +1
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
39.3%
Threat
4.7
CVE-2012-3575 CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.3%.

Privilege Escalation WordPress File Upload PHP RCE +1
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
36.3%
Threat
4.6
CVE-2012-3574 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.2%.

WordPress PHP File Upload RCE Mm Forms Community
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
23.2%
CVE-2012-2939 MEDIUM POC This Month

Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Travelon Express
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
6.2%
CVE-2012-2902 MEDIUM This Month

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

PHP File Upload Joomla Content Editor
NVD
CVSS 2.0
6.0
EPSS
0.6%
CVE-2012-0729 MEDIUM This Month

Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

File Upload IBM Rational Appscan
NVD
CVSS 2.0
6.0
EPSS
0.5%
CVE-2012-1195 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.5%.

Privilege Escalation File Upload Lenovo RCE Lenovo Thinkmanagement Console
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
86.5%
Threat
5.6
CVE-2012-1010 HIGH POC This Week

Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Allwebmenus Plugin
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
8.7%
EPSS 78% 5.4 CVSS 7.5
HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.5%.

RCE WordPress PHP +2
NVD Exploit-DB
EPSS 4% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS File Upload Projectsend
NVD Exploit-DB
EPSS 39% 4.2 CVSS 7.5
HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 39.4%.

RCE WordPress PHP +2
NVD Exploit-DB
EPSS 83% 5.5 CVSS 7.5
HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.9%.

RCE PHP Code Injection +2
NVD Exploit-DB
EPSS 2% CVSS 7.5
HIGH This Week

Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection +2
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

PHP File Upload Osclass
NVD
EPSS 18% 4.0 CVSS 10.0
CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.0%.

Command Injection WordPress PHP +2
NVD Exploit-DB
EPSS 19% CVSS 7.5
HIGH POC PATCH THREAT Act Now

Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%.

Zoho RCE PHP +3
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection File Upload +1
NVD
EPSS 4% CVSS 10.0
CRITICAL Act Now

Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Huawei File Upload +2
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP File Upload +1
NVD
EPSS 7% CVSS 7.5
HIGH POC This Week

Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection File Upload +1
NVD Exploit-DB
EPSS 13% CVSS 9.0
CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.

RCE Code Injection File Upload +3
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the JChatSocial component before 2.3 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS File Upload Jchatsocial
NVD
EPSS 2% CVSS 5.1
MEDIUM This Month

Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation File Upload +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection File Upload +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection File Upload +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Code Injection File Upload +3
NVD
EPSS 9% CVSS 6.8
MEDIUM PATCH This Month

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Tomcat Code Injection File Upload +2
NVD
EPSS 65% 4.7 CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.7%.

RCE WordPress PHP +2
NVD Exploit-DB
EPSS 10% CVSS 7.5
HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

RCE PHP Code Injection +2
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Python File Upload +3
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE File Upload Visual Analytics
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress File Upload +1
NVD
EPSS 7% CVSS 10.0
CRITICAL Act Now

Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Verastream Process Designer
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP File Upload Typo3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Timeline
NVD VulDB
EPSS 4% CVSS 10.0
CRITICAL Act Now

Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Commonspot Content Server
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Pivotx
NVD VulDB
EPSS 4% CVSS 6.5
MEDIUM POC This Month

Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ilias
NVD Exploit-DB
EPSS 1% CVSS 5.8
MEDIUM This Month

Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service File Upload IBM +1
NVD
EPSS 3% CVSS 8.5
HIGH This Week

Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 through 5.0.0 allows remote authenticated users to execute arbitrary code by uploading a .jsp file and then launching it. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE File Upload IBM +1
NVD
EPSS 48% 4.1 CVSS 6.0
MEDIUM POC THREAT This Month

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 48.0%.

PHP File Upload Mediawiki
NVD Exploit-DB
EPSS 9% CVSS 6.5
MEDIUM POC This Month

Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Timeline
NVD Exploit-DB
EPSS 1% CVSS 3.5
LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload XSS Wallpaperscript
NVD Exploit-DB
EPSS 63% 4.8 CVSS 6.8
MEDIUM POC THREAT This Month

Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 63.3%.

WordPress PHP File Upload +2
NVD
EPSS 4% CVSS 9.3
CRITICAL Act Now

Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP File Upload RCE +1
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

File Upload RCE Mediawiki
NVD
EPSS 1% CVSS 4.6
MEDIUM This Month

Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

File Upload RCE Simple Machines Forum
NVD GitHub
EPSS 8% CVSS 7.1
HIGH POC This Week

Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload TP-Link Tl Sc3130 +4
NVD Exploit-DB
EPSS 3% CVSS 6.8
MEDIUM POC This Month

Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +2
NVD
EPSS 27% CVSS 5.1
MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.6%.

WordPress PHP File Upload +2
NVD Exploit-DB
EPSS 7% CVSS 6.8
MEDIUM POC This Month

Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD Exploit-DB
EPSS 3% CVSS 8.5
HIGH This Week

Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE File Upload IBM +1
NVD
EPSS 4% CVSS 6.8
MEDIUM This Month

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

File Upload RCE Searchblox
NVD
EPSS 9% CVSS 6.8
MEDIUM POC This Month

Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP File Upload Machform
NVD Exploit-DB
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

File Upload RCE Live Css
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Car Portal
NVD Exploit-DB
EPSS 2% CVSS 6.8
MEDIUM POC This Month

Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD
EPSS 74% 4.9 CVSS 6.0
MEDIUM POC PATCH THREAT This Month

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 73.6%.

File Upload RCE Moinmoin
NVD Exploit-DB
EPSS 1% CVSS 6.0
MEDIUM POC PATCH This Month

The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

PHP File Upload Drupal +1
NVD
EPSS 1% CVSS 5.1
MEDIUM POC PATCH This Month

Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available.

PHP File Upload Drag Drop Gallery
NVD
EPSS 6% CVSS 10.0
CRITICAL Act Now

Multiple unrestricted file upload vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary code by uploading a file via an unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Fleetcommander +1
NVD
EPSS 2% CVSS 6.8
MEDIUM POC This Month

Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD
EPSS 11% CVSS 6.8
MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.0%.

WordPress PHP File Upload +2
NVD Exploit-DB
EPSS 38% 4.0 CVSS 6.8
MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 37.9%.

WordPress PHP File Upload +2
NVD Exploit-DB
EPSS 81% 5.3 CVSS 6.8
MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 80.7%.

PHP File Upload RCE +1
NVD Exploit-DB
EPSS 7% CVSS 6.8
MEDIUM POC This Month

Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP File Upload Pbboard
NVD Exploit-DB
EPSS 2% CVSS 6.0
MEDIUM POC This Month

Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload RCE Efront
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation File Upload Moodle
NVD
EPSS 79% 5.9 CVSS 10.0
CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.0%.

Microsoft File Upload RCE +1
NVD Exploit-DB
EPSS 11% CVSS 7.5
HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%.

WordPress Privilege Escalation PHP +2
NVD Exploit-DB
EPSS 19% CVSS 6.8
MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 19.0%.

Privilege Escalation WordPress File Upload +3
NVD Exploit-DB
EPSS 27% CVSS 7.5
HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 27.1%.

Privilege Escalation WordPress File Upload +3
NVD Exploit-DB
EPSS 39% 4.7 CVSS 10.0
CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 39.3%.

Privilege Escalation WordPress File Upload +3
NVD Exploit-DB
EPSS 36% 4.6 CVSS 10.0
CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.3%.

Privilege Escalation WordPress File Upload +3
NVD Exploit-DB
EPSS 23% CVSS 7.5
HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.2%.

WordPress PHP File Upload +2
NVD Exploit-DB
EPSS 6% CVSS 6.5
MEDIUM POC This Month

Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD Exploit-DB
EPSS 1% CVSS 6.0
MEDIUM This Month

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

PHP File Upload Joomla Content Editor
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

File Upload IBM Rational Appscan
NVD
EPSS 87% 5.6 CVSS 7.5
HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.5%.

Privilege Escalation File Upload Lenovo +2
NVD Exploit-DB
EPSS 9% CVSS 7.5
HIGH POC This Week

Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD Exploit-DB
Prev Page 45 of 45

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy