Search
Total
528 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18643 | 1 Sparkdevnetwork | 1 Rock Rms | 2021-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to upload ASPX code and gain remote code execution on the application. The application typically runs as LocalSystem as mandated in the installation guide. Patched in versions 8.10 and 9.4. | |||||
| CVE-2020-25010 | 1 Kyland | 2 Kps2204 6 Port Managed Din-rail Programmable Serial Device, Kps2204 6 Port Managed Din-rail Programmable Serial Device Firmware | 2020-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an instruction to write a file. | |||||
| CVE-2020-35489 | 1 Rocklobster | 1 Contact Form 7 | 2020-12-22 | 10.0 HIGH | 10.0 CRITICAL |
| The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. | |||||
| CVE-2020-26255 | 1 Getkirby | 2 Kirby, Panel | 2020-12-10 | 6.5 MEDIUM | 9.1 CRITICAL |
| Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file. Visitors without Panel access *cannot* use this attack vector. The problem has been patched in Kirby 2.5.14 and Kirby 3.4.5. Please update to one of these or a later version to fix the vulnerability. Note: Kirby 2 reaches end of life on December 31, 2020. We therefore recommend to upgrade your Kirby 2 sites to Kirby 3. If you cannot upgrade, we still recommend to update to Kirby 2.5.14. | |||||
| CVE-2017-1000081 | 1 Onosproject | 1 Onos | 2020-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. | |||||
| CVE-2020-25537 | 1 Ucms Project | 1 Ucms | 2020-12-04 | 10.0 HIGH | 9.8 CRITICAL |
| File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission. | |||||
| CVE-2020-13774 | 1 Ivanti | 1 Endpoint Manager | 2020-12-02 | 9.0 HIGH | 9.9 CRITICAL |
| An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure will leave the temporarily created files in an accessible location on the server. | |||||
| CVE-2020-28130 | 1 Online Library Management System Project | 1 Online Library Management System | 2020-11-23 | 10.0 HIGH | 9.8 CRITICAL |
| An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root). | |||||
| CVE-2020-28140 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2020-11-23 | 7.5 HIGH | 9.8 CRITICAL |
| SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. | |||||
| CVE-2020-26553 | 1 Aviatrix | 1 Controller | 2020-11-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree. | |||||
| CVE-2020-23138 | 1 Microweber | 1 Microweber | 2020-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension. | |||||
| CVE-2020-24407 | 1 Magento | 1 Magento | 2020-11-12 | 9.0 HIGH | 9.1 CRITICAL |
| Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components. | |||||
| CVE-2020-11486 | 2 Intel, Nvidia | 2 Bmc Firmware, Dgx-1 | 2020-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution. | |||||
| CVE-2020-27956 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2020-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root). | |||||
| CVE-2020-19672 | 1 Niushop | 1 Niushop | 2020-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell. | |||||
| CVE-2020-25763 | 1 Seat Reservation System Project | 1 Seat Reservation System | 2020-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files. | |||||
| CVE-2020-12843 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2020-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used. | |||||
| CVE-2020-23828 | 1 Online Course Registration Project | 1 Online Course Registration | 2020-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo. | |||||
| CVE-2020-24195 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2020-09-15 | 6.5 MEDIUM | 9.1 CRITICAL |
| An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution. | |||||
| CVE-2020-24199 | 1 Projectworlds | 1 Car Rental Project | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. | |||||
| CVE-2019-7816 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7838 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-15961 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-24202 | 1 Projectworlds | 1 House Rental And Property Listing Project | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. | |||||
| CVE-2019-13294 | 1 Arox | 1 School-erp | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system. | |||||
| CVE-2018-1000544 | 3 Debian, Redhat, Rubyzip Project | 3 Debian Linux, Cloudforms, Rubyzip | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.. | |||||
| CVE-2019-16192 | 1 Doccms | 1 Doccms | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive. | |||||
| CVE-2019-7669 | 1 Primasystems | 1 Flexair | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges. | |||||
| CVE-2017-1000194 | 1 Octobercms | 1 October | 2020-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. | |||||
| CVE-2019-12409 | 2 Apache, Linux | 2 Solr, Linux Kernel | 2020-07-23 | 7.5 HIGH | 9.8 CRITICAL |
| The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server. | |||||
| CVE-2019-7268 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2020-07-02 | 10.0 HIGH | 10.0 CRITICAL |
| Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. | |||||
| CVE-2020-14067 | 1 Naviwebs | 1 Navigatecms | 2020-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php. | |||||
| CVE-2020-12800 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2020-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. | |||||
| CVE-2018-21244 | 1 Foxitsoftware | 1 Phantompdf | 2020-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029. | |||||
| CVE-2020-12828 | 1 Pango | 1 Virtual Private Network Software Development Kit | 2020-06-02 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges. | |||||
| CVE-2018-19355 | 2 Mypresta, Prestashop | 2 Customer Files Upload, Prestashop | 2020-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). | |||||
| CVE-2020-1112 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-05-29 | 9.0 HIGH | 9.9 CRITICAL |
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-13442 | 1 Dext5 | 1 Dext5 | 2020-05-27 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/. | |||||
| CVE-2020-13126 | 1 Elementor | 1 Elementor Page Builder | 2020-05-18 | 6.5 MEDIUM | 9.9 CRITICAL |
| An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected. | |||||
| CVE-2017-15990 | 1 Savsofteproducts | 1 Phpinventory | 2020-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. | |||||
| CVE-2020-11817 | 1 Rukovoditel | 1 Rukovoditel | 2020-05-05 | 6.8 MEDIUM | 9.8 CRITICAL |
| In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs with the Maintenance Mode setting. | |||||
| CVE-2020-10507 | 1 The School Manage System Project | 1 The School Manage System | 2020-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting machine. | |||||
| CVE-2020-7055 | 1 Elementor | 1 Elementor Page Builder | 2020-04-28 | 9.0 HIGH | 9.9 CRITICAL |
| An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive. | |||||
| CVE-2020-11722 | 1 Dungeon Crawl Stone Soup Project | 1 Dungeon Crawl Stone Soup | 2020-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file. | |||||
| CVE-2020-11815 | 1 Rukovoditel | 1 Rukovoditel | 2020-04-23 | 6.8 MEDIUM | 9.8 CRITICAL |
| In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting. | |||||
| CVE-2020-11811 | 1 Qdpm | 1 Qdpm | 2020-04-22 | 10.0 HIGH | 9.8 CRITICAL |
| In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file. | |||||
| CVE-2020-10621 | 1 Advantech | 1 Webaccess\/nms | 2020-04-10 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). | |||||
| CVE-2020-6008 | 1 Lifterlms | 1 Lifterlms | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution | |||||
| CVE-2020-10964 | 2 Microsoft, S9y | 2 Windows, Serendipity | 2020-03-27 | 7.5 HIGH | 9.8 CRITICAL |
| Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. | |||||
| CVE-2020-10806 | 1 Ez | 2 Ez Publish-kernel, Ez Publish-legacy | 2020-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution. | |||||