Total: 1387 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22392 | 1 Ibm | 1 Planning Analytics Workspace | 2022-05-05 | 6.8 MEDIUM | 7.8 HIGH |
| IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim, could result in code execution. IBM X-Force ID: 222066. | |||||
| CVE-2022-28525 | 1 Ed01-cms Project | 1 Ed01-cms | 2022-05-04 | 6.5 MEDIUM | 8.8 HIGH |
| ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. | |||||
| CVE-2021-39040 | 1 Ibm | 1 Planning Analytics Workspace | 2022-05-03 | 6.0 MEDIUM | 8.0 HIGH |
| IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness to upload malicious executable files into the system, which can then be sent to a victim to perform further attacks. IBM X-Force ID: 214025. | |||||
| CVE-2021-4225 | 2 Microsoft, Smartypantsplugins | 2 Windows, Sp Project & Document Manager | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites. | |||||
| CVE-2019-15813 | 1 Sentrifugo | 1 Sentrifugo | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. | |||||
| CVE-2022-28440 | 1 Ucms Project | 1 Ucms | 2022-05-02 | 6.5 MEDIUM | 8.8 HIGH |
| An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2019-10869 | 1 Ninjaforms | 1 Ninja Forms File Uploads | 2022-05-02 | 6.8 MEDIUM | 8.1 HIGH |
| Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters. | |||||
| CVE-2022-24262 | 1 Voipmonitor | 1 Voipmonitor | 2022-04-30 | 6.5 MEDIUM | 8.8 HIGH |
| The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. | |||||
| CVE-2021-30118 | 1 Kaseya | 1 Vsa | 2022-04-29 | 10.0 HIGH | 9.8 CRITICAL |
| An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands. The API /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leading to RCE. An attacker can upload files with the privilege of the Web Server process and subsequently use these files to execute asp commands. Detailed description --- Given the following request: ``` POST /SystemTab/uploader.aspx?Filename=shellz.aspx&PathData=C%3A%5CKaseya%5CWebPages%5C&__RequestValidationToken=ac1906a5-d511-47e3-8500-47cc4b0ec219&qqfile=shellz.aspx HTTP/1.1 Host: 192.168.1.194 Cookie: sessionId=92812726; %5F%5FRequestValidationToken=ac1906a5%2Dd511%2D47e3%2D8500%2D47cc4b0ec219 Content-Length: 12 <%@ Page Language="C#" Debug="true" validateRequest="false" %> <%@ Import namespace="System.Web.UI.WebControls" %> <%@ Import namespace="System.Diagnostics" %> <%@ Import namespace="System.IO" %> <%@ Import namespace="System" %> <%@ Import namespace="System.Data" %> <%@ Import namespace="System.Data.SqlClient" %> <%@ Import namespace="System.Security.AccessControl" %> <%@ Import namespace="System.Security.Principal" %> <%@ Import namespace="System.Collections.Generic" %> <%@ Import namespace="System.Collections" %> <script runat="server"> private const string password = "pass"; // The password ( pass ) private const string style = "dark"; // The style ( light / dark ) protected void Page_Load(object sender, EventArgs e) { //this.Remote(password); this.Login(password); this.Style(); this.ServerInfo(); <snip> ``` The attacker can control the name of the file written via the qqfile parameter and the location of the file written via the PathData parameter. Even though the call requires that a sessionId cookie is passed we have determined that the sessionId is not actually validated and any numeric value is accepted as valid. Security issues discovered --- * a sessionId cookie is required by /SystemTab/uploader.aspx, but is not actually validated, allowing an attacker to bypass authentication * /SystemTab/uploader.aspx allows an attacker to create a file with arbitrary content in any place the webserver has write access * The web server process has write access to the webroot where the attacker can execute it by requesting the URL of the newly created file. Impact --- This arbitrary file upload allows an attacker to place files of his own choosing on any location on the hard drive of the server the webserver process has access to, including (but not limited to) the webroot. If the attacker uploads files with code to the webroot (e.g. aspx code) he can then execute this code in the context of the webserver to breach either the integrity, confidentiality, or availability of the system or to steal credentials of other users. In other words, this can lead to a full system compromise. | |||||
| CVE-2021-36356 | 1 Kramerav | 1 Viaware | 2022-04-29 | 10.0 HIGH | 9.8 CRITICAL |
| KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124. | |||||
| CVE-2022-28021 | 1 Purchase Order Management System Project | 1 Purchase Order Management System | 2022-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user. | |||||
| CVE-2022-27478 | 1 Victor Cms Project | 1 Victor Cms | 2022-04-29 | 6.5 MEDIUM | 8.8 HIGH |
| Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. | |||||
| CVE-2022-27862 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine & Property Management System Plugin | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form. | |||||
| CVE-2022-23346 | 1 Bigantsoft | 1 Bigant Server | 2022-04-27 | 6.5 MEDIUM | 8.8 HIGH |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. | |||||
| CVE-2022-27435 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2022-04-27 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component. | |||||
| CVE-2021-40531 | 2 Apple, Sketch | 2 Macos, Sketch | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a terminal profile to Terminal.app. | |||||
| CVE-2022-0409 | 1 Showdoc | 1 Showdoc | 2022-03-01 | 6.8 MEDIUM | 7.8 HIGH |
| Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2. | |||||
| CVE-2022-24553 | 1 Zfaka Project | 1 Zfaka | 2022-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution. | |||||
| CVE-2021-39352 | 1 Catchplugins | 1 Catch Themes Demo Import | 2022-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution. | |||||
| CVE-2021-46036 | 1 Mingsoft | 1 Mcms | 2022-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code. | |||||
| CVE-2022-24984 | 1 Jqueryform | 1 Jqueryform | 2022-02-25 | 6.8 MEDIUM | 9.8 CRITICAL |
| Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content (e.g., .phtml or .php.bak) is blocked. | |||||
| CVE-2019-18288 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-02-24 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18320 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18313 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2022-23390 | 1 Diyhi | 1 Bbs Forum | 2022-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files. | |||||
| CVE-2019-19493 | 1 Kentico | 1 Kentico | 2022-02-20 | 3.5 LOW | 5.4 MEDIUM |
| Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS. | |||||
| CVE-2021-39317 | 1 Accesspressthemes | 43 Access Demo Importer, Accesspress-basic, Accesspress-lite and 40 more | 2022-02-19 | 6.5 MEDIUM | 8.8 HIGH |
| A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. The complete list of affected products and their versions are below: WordPress Plugin: AccessPress Demo Importer <=1.0.6. WordPress Themes: accesspress-basic <= 3.2.1, accesspress-lite <= 2.92, accesspress-mag <= 2.6.5, accesspress-parallax <= 4.5, accesspress-root <= 2.5, accesspress-store <= 2.4.9, agency-lite <= 1.1.6, arrival <= 1.4.2, bingle <= 1.0.4, bloger <= 1.2.6, brovy <= 1.3, construction-lite <= 1.2.5, doko <= 1.0.27, edict-lite <= 1.1.4, eightlaw-lite <= 2.1.5, eightmedi-lite <= 2.1.8, eight-sec <= 1.1.4, eightstore-lite <= 1.2.5, enlighten <= 1.3.5, fotography <= 2.4.0, opstore <= 1.4.3, parallaxsome <= 1.3.6, punte <= 1.1.2, revolve <= 1.3.1, ripple <= 1.2.0, sakala <= 1.0.4, scrollme <= 2.1.0, storevilla <= 1.4.1, swing-lite <= 1.1.9, the100 <= 1.1.2, the-launcher <= 1.3.2, the-monday <= 1.4.1, ultra-seven <= 1.2.8, uncode-lite <= 1.3.3, vmag <= 1.2.7, vmagazine-lite <= 1.3.5, vmagazine-news <= 1.0.5, wpparallax <= 2.0.6, wp-store <= 1.1.9, zigcy-baby <= 1.0.6, zigcy-cosmetics <= 1.0.5, zigcy-lite <= 2.0.9. | |||||
| CVE-2018-19423 | 1 Codiad | 1 Codiad | 2022-02-19 | 6.5 MEDIUM | 7.2 HIGH |
| Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. | |||||
| CVE-2021-22803 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker writes arbitrary files to folders in context of the DC module by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | |||||
| CVE-2020-13675 | 1 Drupal | 1 Drupal | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site. | |||||
| CVE-2022-23048 | 1 Exponentcms | 1 Exponent Cms | 2022-02-17 | 6.5 MEDIUM | 7.2 HIGH |
| Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload, the PHP file will be placed at "themes/simpletheme/{rce}.php", from where it can be accessed in order to execute commands. | |||||
| CVE-2021-35244 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2022-02-16 | 6.0 MEDIUM | 7.2 HIGH |
| The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution. | |||||
| CVE-2021-21351 | 4 Debian, Fedoraproject, Oracle and 1 more | 13 Debian Linux, Fedora, Banking Enterprise Default Management and 10 more | 2022-02-16 | 6.5 MEDIUM | 9.1 CRITICAL |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21350 | 4 Debian, Fedoraproject, Oracle and 1 more | 13 Debian Linux, Fedora, Banking Enterprise Default Management and 10 more | 2022-02-16 | 7.5 HIGH | 9.8 CRITICAL |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21347 | 4 Debian, Fedoraproject, Oracle and 1 more | 13 Debian Linux, Fedora, Banking Enterprise Default Management and 10 more | 2022-02-16 | 7.5 HIGH | 9.8 CRITICAL |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21346 | 4 Debian, Fedoraproject, Oracle and 1 more | 13 Debian Linux, Fedora, Banking Enterprise Default Management and 10 more | 2022-02-16 | 7.5 HIGH | 9.8 CRITICAL |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21344 | 4 Debian, Fedoraproject, Oracle and 1 more | 13 Debian Linux, Fedora, Banking Enterprise Default Management and 10 more | 2022-02-16 | 7.5 HIGH | 9.8 CRITICAL |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-46360 | 1 Ocproducts | 1 Composr | 2022-02-11 | 6.5 MEDIUM | 8.8 HIGH |
| Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr. | |||||
| CVE-2022-24676 | 1 Hyphp | 1 Hybbs2 | 2022-02-11 | 6.5 MEDIUM | 8.8 HIGH |
| update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive. | |||||
| CVE-2018-15139 | 1 Open-emr | 1 Openemr | 2022-02-10 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory. | |||||
| CVE-2022-0472 | 1 Laracom Project | 1 Laracom | 2022-02-10 | 3.5 LOW | 5.4 MEDIUM |
| Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9. | |||||
| CVE-2017-9380 | 1 Open-emr | 1 Openemr | 2022-02-09 | 6.5 MEDIUM | 8.8 HIGH |
| OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | |||||
| CVE-2022-23329 | 1 Ujcms | 1 Jspxcms | 2022-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | |||||
| CVE-2020-29607 | 1 Pluck-cms | 1 Pluck | 2022-02-07 | 6.5 MEDIUM | 7.2 HIGH |
| A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution. | |||||
| CVE-2021-26473 | 1 Vembu | 2 Bdr Suite, Offsite Dr | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server. | |||||
| CVE-2021-46386 | 1 Mingsoft | 1 Mcms | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File Upload. The impact is: execute arbitrary code (remote). The component is: net.mingsoft.basic.action.web.FileAction#upload. The attack vector is: jspx webshell. MCMS has a file upload vulnerability through which attacker can upload a webshell. Successful attacks of this vulnerability can result in takeover of MCMS. | |||||
| CVE-2021-46428 | 1 Simple Chatbot Application Project | 1 Simple Chatbot Application | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 (and previous versions) via the bot_avatar parameter in SystemSettings.php. | |||||
| CVE-2021-46097 | 1 Dolphinphp | 1 Dolphinphp | 2022-02-02 | 6.5 MEDIUM | 8.8 HIGH |
| Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log | |||||
| CVE-2021-44123 | 1 Spip | 1 Spip | 2022-02-02 | 6.5 MEDIUM | 8.8 HIGH |
| SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it. | |||||
| CVE-2021-46116 | 1 Jpress | 1 Jpress | 2022-02-02 | 6.5 MEDIUM | 7.2 HIGH |
| jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code. | |||||
