Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-5724

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Jan, 2018 | 22:00
Updated At-05 Aug, 2024 | 05:40
Rejected At-
Credits

MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Jan, 2018 | 22:00
Updated At:05 Aug, 2024 | 05:40
Rejected At:
ā–¼CVE Numbering Authority (CNA)

MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/43693/
exploit
x_refsource_EXPLOIT-DB
http://syrion.me/blog/master-ipcam/
x_refsource_MISC
https://packetstormsecurity.com/files/145935/Master-IP-CAM-01-Hardcoded-Password-Unauthenticated-Access.html
x_refsource_MISC
Hyperlink: https://www.exploit-db.com/exploits/43693/
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://syrion.me/blog/master-ipcam/
Resource:
x_refsource_MISC
Hyperlink: https://packetstormsecurity.com/files/145935/Master-IP-CAM-01-Hardcoded-Password-Unauthenticated-Access.html
Resource:
x_refsource_MISC
ā–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/43693/
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://syrion.me/blog/master-ipcam/
x_refsource_MISC
x_transferred
https://packetstormsecurity.com/files/145935/Master-IP-CAM-01-Hardcoded-Password-Unauthenticated-Access.html
x_refsource_MISC
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/43693/
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://syrion.me/blog/master-ipcam/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://packetstormsecurity.com/files/145935/Master-IP-CAM-01-Hardcoded-Password-Unauthenticated-Access.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Jan, 2018 | 22:29
Updated At:05 Feb, 2018 | 20:10

MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
barni
barni
>>master_ip_camera01_firmware>>3.3.4.2103
cpe:2.3:o:barni:master_ip_camera01_firmware:3.3.4.2103:*:*:*:*:*:*:*
barni
barni
>>master_ip_camera01>>-
cpe:2.3:h:barni:master_ip_camera01:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarynvd@nist.gov
CWE ID: CWE-434
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://syrion.me/blog/master-ipcam/cve@mitre.org
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/145935/Master-IP-CAM-01-Hardcoded-Password-Unauthenticated-Access.htmlcve@mitre.org
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/43693/cve@mitre.org
Third Party Advisory
VDB Entry
Hyperlink: http://syrion.me/blog/master-ipcam/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://packetstormsecurity.com/files/145935/Master-IP-CAM-01-Hardcoded-Password-Unauthenticated-Access.html
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/43693/
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

173Records found
CVE-2015-1000000
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-11.29% / 93.61%
||
7 Day CHG~0.00%
Published-06 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote file upload vulnerability in mailcwp v1.99 wordpress plugin

Action-Not Available
Vendor-mailcwp_projectn/a
Product-mailcwpn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2016-10752
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.75% / 73.29%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 17:40
Updated-06 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.

Action-Not Available
Vendor-s9yn/a
Product-serendipityn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2015-1000001
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.84% / 92.07%
||
7 Day CHG~0.00%
Published-06 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin

Action-Not Available
Vendor-fast-image-adder_projectn/a
Product-fast-image-addern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-20526
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-86.04% / 99.40%
||
7 Day CHG~0.00%
Published-18 Mar, 2019 | 15:25
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.

Action-Not Available
Vendor-roxyfilemann/a
Product-roxy_filemann/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-18752
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 60.27%
||
7 Day CHG-0.02%
Published-28 Oct, 2018 | 17:00
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.

Action-Not Available
Vendor-webiness_projectn/a
Product-webiness_inventoryn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-18793
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-18.91% / 95.39%
||
7 Day CHG~0.00%
Published-16 Nov, 2018 | 18:00
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.

Action-Not Available
Vendor-school_event_management_system_projectn/a
Product-school_event_management_systemn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-35489
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-90.33% / 99.61%
||
7 Day CHG~0.00%
Published-17 Dec, 2020 | 18:16
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.

Action-Not Available
Vendor-rocklobstern/a
Product-contact_form_7n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-25537
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 60.77%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 17:17
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.

Action-Not Available
Vendor-ucms_projectn/a
Product-ucmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-21787
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 60.77%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 14:51
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.

Action-Not Available
Vendor-crmebn/a
Product-crmebn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-19138
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.29% / 92.83%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 20:18
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".

Action-Not Available
Vendor-n/adotCMS, LLC
Product-dotcmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2017-3108
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.17% / 93.20%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerExperience Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-10569
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.05% / 84.06%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 19:01
Updated-18 Nov, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate of CVE-2020-1938

Action-Not Available
Vendor-n/aSysAid Technologies Ltd.
Product-on-premisen/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-9825
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.75% / 73.31%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 22:00
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature.

Action-Not Available
Vendor-feifeicmsn/a
Product-feifeicmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-7816
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.82% / 89.61%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 17:36
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-51590
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-3.40% / 87.54%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:15
Updated-09 Jul, 2025 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability

Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpLoadAction class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22080.

Action-Not Available
Vendor-voltronicpowerVoltronic Powervoltronic_power
Product-viewpowerViewPower Proviewpower_pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2017-1000194
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 61.57%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 02:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.

Action-Not Available
Vendor-octobercmsn/a
Product-octobern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2017-1002001
Matching Score-4
Assigner-Larry Cashdollar
ShareView Details
Matching Score-4
Assigner-Larry Cashdollar
CVSS Score-9.8||CRITICAL
EPSS-44.53% / 97.61%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.

Action-Not Available
Vendor-mobile-app-builder-by-wappress_projectInvedion
Product-mobile-app-builder-by-wappressmobile-app-builder-by-wappress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2017-1002002
Matching Score-4
Assigner-Larry Cashdollar
ShareView Details
Matching Score-4
Assigner-Larry Cashdollar
CVSS Score-9.8||CRITICAL
EPSS-51.15% / 97.91%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/

Action-Not Available
Vendor-webapp-builder_projectInvedion
Product-webapp-builderwebapp-builder
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2016-7443
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.89% / 75.64%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 22:00
Updated-06 Aug, 2024 | 01:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."

Action-Not Available
Vendor-exponentcmsn/a
Product-exponent_cmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2016-5050
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-3.43% / 87.60%
||
7 Day CHG~0.00%
Published-26 Aug, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file.

Action-Not Available
Vendor-readydeskn/a
Product-readydeskn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-15137
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-27.03% / 96.43%
||
7 Day CHG~0.00%
Published-08 Aug, 2018 | 00:00
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method.

Action-Not Available
Vendor-cela_linkn/a
Product-clr-m20_firmwareclr-m20n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2015-9271
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.14% / 93.19%
||
7 Day CHG~0.00%
Published-04 Oct, 2018 | 23:00
Updated-06 Aug, 2024 | 08:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905.

Action-Not Available
Vendor-videowhispern/a
Product-video_conferencen/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2017-17976
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-16.55% / 94.98%
||
7 Day CHG~0.00%
Published-26 Jan, 2018 | 20:00
Updated-05 Aug, 2024 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.

Action-Not Available
Vendor-perfexcrmn/a
Product-perfex_crmn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found