Search
Total
736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10758 | 1 Phpkit | 1 Phpkit | 2019-05-29 | 6.5 MEDIUM | 8.8 HIGH |
| PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter. | |||||
| CVE-2018-19612 | 1 Westermo | 6 Dr-250, Dr-250 Firmware, Dr-260 and 3 more | 2019-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code. | |||||
| CVE-2018-19550 | 1 Interspire | 1 Email Marketer | 2019-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI. | |||||
| CVE-2018-4063 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2019-05-07 | 9.0 HIGH | 8.8 HIGH |
| An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2019-11028 | 1 Gatship | 1 Web Module | 2019-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx". | |||||
| CVE-2019-11615 | 1 Doorgets | 1 Doorgets Cms | 2019-05-01 | 6.5 MEDIUM | 8.8 HIGH |
| /fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. A remote normal registered user can use this vulnerability to upload backdoor files to control the server. | |||||
| CVE-2019-11568 | 1 Aikcms | 1 Aikcms | 2019-04-29 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type. | |||||
| CVE-2017-14521 | 1 Wondercms | 1 Wondercms | 2019-04-26 | 6.5 MEDIUM | 8.8 HIGH |
| In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. | |||||
| CVE-2019-11446 | 1 Atutor | 1 Atutor | 2019-04-26 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase (and thus .phP is a bypass), and omits .shtml and .phtml. | |||||
| CVE-2019-11401 | 1 Siteserver | 1 Siteserver Cms | 2019-04-24 | 6.5 MEDIUM | 7.2 HIGH |
| A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted. | |||||
| CVE-2019-11445 | 1 Openkm | 1 Openkm | 2019-04-23 | 9.0 HIGH | 7.2 HIGH |
| OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path control in the admin's Export field. As a result, attackers can gain remote code execution through the application server with root privileges. | |||||
| CVE-2019-11377 | 1 Wcms | 1 Wcms | 2019-04-22 | 6.5 MEDIUM | 8.8 HIGH |
| wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function. | |||||
| CVE-2019-9042 | 1 Sitemagic | 1 Sitemagic Cms | 2019-04-16 | 6.5 MEDIUM | 7.2 HIGH |
| ** DISPUTED ** An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External Modules. | |||||
| CVE-2017-12615 | 2 Apache, Microsoft | 2 Tomcat, Windows | 2019-04-15 | 6.8 MEDIUM | 8.1 HIGH |
| When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | |||||
| CVE-2018-19453 | 1 Kentico | 1 Kentico Cms | 2019-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type. | |||||
| CVE-2019-10478 | 1 Glory-global | 2 Rbw-100, Rbw-100 Firmware | 2019-04-09 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell. | |||||
| CVE-2019-3489 | 1 Microfocus | 1 Content Manager | 2019-04-02 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server. | |||||
| CVE-2019-10652 | 1 Flatcore | 1 Flatcore | 2019-04-01 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature. | |||||
| CVE-2018-11345 | 1 Asustor | 2 As6202t, As6202t Firmware | 2019-03-29 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system. | |||||
| CVE-2018-11340 | 1 Asustor | 2 As6202t, As6202t Firmware | 2019-03-21 | 9.0 HIGH | 7.2 HIGH |
| An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed. | |||||
| CVE-2018-1000094 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension. | |||||
| CVE-2017-9080 | 1 Playsms | 1 Playsms | 2019-03-15 | 6.5 MEDIUM | 8.8 HIGH |
| PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection. | |||||
| CVE-2017-6090 | 1 Phpcollab | 1 Phpcollab | 2019-03-13 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/. | |||||
| CVE-2018-17418 | 1 Monstra | 1 Monstra | 2019-03-08 | 6.5 MEDIUM | 7.2 HIGH |
| Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable. | |||||
| CVE-2019-9572 | 1 Schoolcms | 1 Schoolcms | 2019-03-08 | 6.5 MEDIUM | 7.2 HIGH |
| SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of arbitrary PHP code in Public\Home\1_Static.php because of mishandling in the Application\Admin\Controller\ThemeController.class.php Upload() function. | |||||
| CVE-2019-9609 | 1 Ofcms Project | 1 Ofcms | 2019-03-07 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI. | |||||
| CVE-2019-9612 | 1 Ofcms Project | 1 Ofcms | 2019-03-07 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI. | |||||
| CVE-2019-9613 | 1 Ofcms Project | 1 Ofcms | 2019-03-07 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI. | |||||
| CVE-2019-9608 | 1 Ofcms Project | 1 Ofcms | 2019-03-07 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI. | |||||
| CVE-2019-9617 | 1 Ofcms Project | 1 Ofcms | 2019-03-07 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI. | |||||
| CVE-2018-20063 | 1 Gurock | 1 Testrail | 2019-02-27 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a safe Content-Type value, and then accessing it via a direct request to the file in the file-upload directory (if it's accessible according to the server configuration). | |||||
| CVE-2019-9181 | 1 Schoolcms | 1 Schoolcms | 2019-02-26 | 6.5 MEDIUM | 7.2 HIGH |
| SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code after the JPEG data. This ultimately allows execution of arbitrary PHP code. | |||||
| CVE-2019-9050 | 1 Pluck-cms | 1 Pluck | 2019-02-25 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed. | |||||
| CVE-2019-8933 | 1 Dedecms | 1 Dedecms | 2019-02-20 | 6.5 MEDIUM | 8.8 HIGH |
| In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php. | |||||
| CVE-2019-8433 | 1 Jtbc | 1 Jtbc Php | 2019-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file. | |||||
| CVE-2019-8362 | 1 Dedecms | 1 Dedecms | 2019-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content). | |||||
| CVE-2019-7721 | 1 Nconsulting | 1 Nc-cms | 2019-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters. | |||||
| CVE-2018-1000839 | 1 Librehealth | 1 Librehealth Ehr | 2019-02-01 | 6.5 MEDIUM | 8.8 HIGH |
| LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type. | |||||
| CVE-2018-15537 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2019-01-31 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. | |||||
| CVE-2018-20166 | 1 Rukovoditel | 1 Rukovoditel | 2019-01-31 | 6.5 MEDIUM | 8.8 HIGH |
| A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed case, such as the .pHp extension. | |||||
| CVE-2018-16169 | 1 Cybozu | 1 Remote Service Manager | 2019-01-14 | 6.5 MEDIUM | 8.8 HIGH |
| Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors. | |||||
| CVE-2018-18315 | 1 Mossle | 1 Lemon | 2019-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter. | |||||
| CVE-2018-1000811 | 1 Bludit | 1 Bludit | 2019-01-07 | 6.5 MEDIUM | 8.8 HIGH |
| bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code. | |||||
| CVE-2018-19537 | 1 Tp-link | 2 Archer C5, Archer C5 Firmware | 2018-12-28 | 9.0 HIGH | 7.2 HIGH |
| TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases. | |||||
| CVE-2018-19424 | 1 Clippercms | 1 Clippercms | 2018-12-27 | 6.5 MEDIUM | 7.2 HIGH |
| ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. | |||||
| CVE-2018-19562 | 1 Phpok | 1 Phpok | 2018-12-19 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive. | |||||
| CVE-2018-19457 | 1 Logicspice | 1 Faq Script | 2018-12-18 | 6.5 MEDIUM | 7.2 HIGH |
| Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. | |||||
| CVE-2018-0686 | 1 Neo | 2 Debun Imap, Debun Pop | 2018-12-17 | 6.5 MEDIUM | 8.8 HIGH |
| Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors. | |||||
| CVE-2018-17055 | 1 Progress | 1 Sitefinity | 2018-12-12 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | |||||
| CVE-2018-11392 | 1 Jigowatt | 1 Php Login \& User Management | 2018-12-11 | 6.5 MEDIUM | 8.8 HIGH |
| An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code execution by requesting the .php file. | |||||