Total: 736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18771 | 1 Lulucms | 1 Lulu Cms | 2018-12-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields. | |||||
| CVE-2018-17139 | 1 Ultimatefosters | 1 Ultimatepos | 2018-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. | |||||
| CVE-2018-16796 | 1 Hiscout | 1 Grc Suite | 2018-11-25 | 9.0 HIGH | 8.8 HIGH |
| HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. | |||||
| CVE-2018-18086 | 1 Phome | 1 Empirecms | 2018-11-25 | 6.5 MEDIUM | 8.8 HIGH |
| EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users. | |||||
| CVE-2018-17442 | 1 D-link | 1 Central Wifimanager | 2018-11-23 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code. | |||||
| CVE-2018-17553 | 1 Naviwebs | 1 Navigate Cms | 2018-11-19 | 6.5 MEDIUM | 8.8 HIGH |
| An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php. | |||||
| CVE-2018-16388 | 1 E107 | 1 E107 | 2018-11-02 | 6.5 MEDIUM | 7.2 HIGH |
| e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. | |||||
| CVE-2018-1000658 | 1 Limesurvey | 1 Limesurvey | 2018-10-26 | 6.5 MEDIUM | 8.8 HIGH |
| LimeSurvey versions prior to 3.14.4 contain a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via a webshell. This attack appears to be exploitable via an authenticated user uploading a zip archive that can contain malicious PHP files which can be called under certain circumstances. This vulnerability appears to have been fixed in commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4. | |||||
| CVE-2018-1000646 | 1 Librehealth | 1 Librehealth Ehr | 2018-10-16 | 6.5 MEDIUM | 8.8 HIGH |
| LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution. | |||||
| CVE-2018-12256 | 1 Litecart | 1 Litecart | 2018-10-12 | 6.5 MEDIUM | 8.8 HIGH |
| admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request. | |||||
| CVE-2018-14857 | 1 Ocsinventory-ng | 1 Ocs Inventory Server | 2018-10-10 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. | |||||
| CVE-2018-14911 | 1 Ukcms | 1 Ukcms | 2018-10-10 | 6.5 MEDIUM | 7.2 HIGH |
| A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by composing a request for a .txt upload and then changing it to a .php upload. The attacker must have admin access to change the upload_file_ext (aka "Allow upload file suffix") setting, and must use "php,php" in this setting to bypass the "php" restriction. | |||||
| CVE-2018-14028 | 1 Wordpress | 1 Wordpress | 2018-10-10 | 6.5 MEDIUM | 7.2 HIGH |
| In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins. | |||||
| CVE-2015-7571 | 1 Yeager | 1 Yeager Cms | 2018-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | |||||
| CVE-2018-12940 | 1 Seeddms | 1 Seeddms | 2018-10-01 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system commands to the web root of the application. | |||||
| CVE-2018-14570 | 1 Niushop | 1 B2b2c Multi-business | 2018-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content. This results in arbitrary code execution by requesting that .php file. | |||||
| CVE-2018-10577 | 1 Watchguard | 8 Ap100, Ap100 Firmware, Ap102 and 5 more | 2018-09-16 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root. | |||||
| CVE-2018-1000619 | 1 Ovidentia | 1 Ovidentia | 2018-09-11 | 6.5 MEDIUM | 8.8 HIGH |
| Ovidentia version 8.4.3 and earlier contains an Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg, that can result in Authenticated Remote Code Execution. This attack appears to be exploitable by an attacker who has permission to upload addons. | |||||
| CVE-2017-16251 | 1 Mitel | 1 St14.2 | 2018-09-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. | |||||
| CVE-2018-12528 | 1 Intex | 2 N150, N150 Firmware | 2018-09-05 | 7.5 HIGH | 8.1 HIGH |
| An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension of the uploaded file when importing a configuration file backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force a reboot of the router with it. | |||||
| CVE-2018-11638 | 1 Dialogic | 1 Powermedia Xms | 2018-09-05 | 9.0 HIGH | 7.2 HIGH |
| Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution. | |||||
| CVE-2018-13024 | 1 Metinfo | 1 Metinfo | 2018-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. | |||||
| CVE-2018-13021 | 1 Hongcms Project | 1 Hongcms | 2018-08-21 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. | |||||
| CVE-2018-12519 | 1 Codenx | 1 Shopnx | 2018-08-13 | 4.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials. | |||||
| CVE-2018-11196 | 1 Mahara | 1 Mahara | 2018-07-03 | 5.0 MEDIUM | 7.5 HIGH |
| Mahara 17.04 before 17.04.8, 17.10 before 17.10.5, and 18.04 before 18.04.1 can be used as a medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers. | |||||
| CVE-2018-11494 | 1 Opencart | 1 Opencart | 2018-06-29 | 6.0 MEDIUM | 8.0 HIGH |
| The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code']. | |||||
| CVE-2018-11514 | 1 Naukri Clone Script Project | 1 Naukri Clone Script | 2018-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. | |||||
| CVE-2018-11322 | 1 Joomla | 1 Joomla! | 2018-06-22 | 6.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver. | |||||
| CVE-2018-0568 | 1 Sitebridge | 1 Joruri Gw | 2018-06-19 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2018-11098 | 1 Frog Cms Project | 1 Frog Cms | 2018-06-19 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912. | |||||
| CVE-2018-10760 | 1 Projectpier | 1 Projectpier | 2018-06-19 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root. | |||||
| CVE-2018-10795 | 1 Liferay | 1 Liferay Portal | 2018-06-13 | 6.5 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html URI. NOTE: the vendor disputes this issue because file upload is an expected feature, subject to Role Based Access Control checks where only authenticated users with proper permissions can upload files. | |||||
| CVE-2018-9153 | 1 Zblogcn | 1 Z-blogphp | 2018-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directly by an administrator, or through CSRF. | |||||
| CVE-2018-10173 | 1 Digitalguardian | 1 Management Console | 2018-05-22 | 9.0 HIGH | 8.8 HIGH |
| Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality. | |||||
| CVE-2018-9037 | 1 Monstra | 1 Monstra | 2018-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files. | |||||
| CVE-2018-9157 | 1 Axis | 2 M1033-w, M1033-w Firmware | 2018-05-15 | 7.6 HIGH | 7.5 HIGH |
| ** DISPUTED ** An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality. | |||||
| CVE-2018-9156 | 1 Axis | 2 P1354, P1354 Firmware | 2018-05-15 | 7.6 HIGH | 7.5 HIGH |
| ** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality. | |||||
| CVE-2018-7562 | 1 Glpi-project | 1 Glpi | 2018-04-11 | 6.0 MEDIUM | 7.5 HIGH |
| A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php. | |||||
| CVE-2016-1713 | 1 Vtiger | 1 Vtiger Crm | 2018-04-02 | 8.5 HIGH | 7.3 HIGH |
| Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000. | |||||
| CVE-2018-7567 | 1 Otrs | 1 Otrs | 2018-03-29 | 9.0 HIGH | 7.2 HIGH |
| ** DISPUTED ** In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary." | |||||
| CVE-2018-1215 | 1 Dell | 4 Emc Solutions Enabler Virtual Appliance, Emc Unisphere For Vmax Virtual Appliance, Emc Vasa Virtual Appliance and 1 more | 2018-03-29 | 9.0 HIGH | 8.8 HIGH |
| An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). A remote authenticated malicious user may potentially upload arbitrary maliciously crafted files in any location on the web server. By chaining this vulnerability with CVE-2018-1216, the attacker may use the default account to exploit this vulnerability. | |||||
| CVE-2018-7217 | 1 Tejari | 1 Bravo Solution | 2018-03-18 | 6.5 MEDIUM | 8.8 HIGH |
| In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an esop/evm/OPPreliminaryForms.do?formId=857 request. | |||||
| CVE-2017-9970 | 1 Schneider-electric | 1 Struxureon Gateway | 2018-03-09 | 9.0 HIGH | 7.2 HIGH |
| A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows the file to be uploaded to any directory on the host machine, which could lead to remote code execution. | |||||
| CVE-2017-1499 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2018-03-09 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106. | |||||
| CVE-2016-8515 | 1 Hp | 1 Version Control Repository Manager | 2018-03-06 | 6.5 MEDIUM | 8.8 HIGH |
| A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. | |||||
| CVE-2016-7452 | 1 Exponentcms | 1 Exponent Cms | 2018-02-27 | 5.0 MEDIUM | 7.5 HIGH |
| The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | |||||
| CVE-2017-18048 | 1 Monstra | 1 Monstra | 2018-02-08 | 6.5 MEDIUM | 8.8 HIGH |
| Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not. | |||||
| CVE-2017-15549 | 1 Emc | 3 Avamar Server, Integrated Data Protection Appliance, Networker | 2018-01-18 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. | |||||
| CVE-2017-17874 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2018-01-11 | 6.5 MEDIUM | 8.8 HIGH |
| Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under an uploads/ URI. | |||||
| CVE-2017-17987 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 6.5 MEDIUM | 7.2 HIGH |
| PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. | |||||
