Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-10652

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-30 Mar, 2019 | 13:48
Updated At-04 Aug, 2024 | 22:32
Rejected At-
Credits

An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:30 Mar, 2019 | 13:48
Updated At:04 Aug, 2024 | 22:32
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/flatCore/flatCore-CMS/issues/38
x_refsource_MISC
Hyperlink: https://github.com/flatCore/flatCore-CMS/issues/38
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/flatCore/flatCore-CMS/issues/38
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/flatCore/flatCore-CMS/issues/38
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:30 Mar, 2019 | 14:29
Updated At:01 Apr, 2019 | 14:10

An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.2HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches

flatcore
flatcore
>>flatcore>>1.4.7
cpe:2.3:a:flatcore:flatcore:1.4.7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarynvd@nist.gov
CWE ID: CWE-434
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/flatCore/flatCore-CMS/issues/38cve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/flatCore/flatCore-CMS/issues/38
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

856Records found

CVE-2020-12715
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.21% / 64.62%
||
7 Day CHG~0.00%
Published-30 Sep, 2020 | 20:44
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control.

Action-Not Available
Vendor-rainbowfishsoftwaren/a
Product-pacsone_servern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-12854
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.97% / 85.61%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 19:04
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar.

Action-Not Available
Vendor-seczettan/a
Product-neprofilen/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-12675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.84% / 84.97%
||
7 Day CHG~0.00%
Published-29 May, 2020 | 15:52
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077.

Action-Not Available
Vendor-mappresspron/a
Product-mappressn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10994
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.65% / 46.52%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 06:00
Updated-18 Nov, 2024 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codezips Online Institute Management System edit_user.php unrestricted upload

A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeZips
Product-online_institute_management_systemOnline Institute Management Systemonline_institute_management_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10993
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.70% / 48.80%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 05:31
Updated-18 Nov, 2024 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codezips Online Institute Management System manage_website.php unrestricted upload

A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeZips
Product-online_institute_management_systemOnline Institute Management Systemonline_institute_management_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10765
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 40.30%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 15:31
Updated-06 Nov, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codezips Online Institute Management System profile.php unrestricted upload

A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeZips
Product-online_institute_management_systemOnline Institute Management Systemonline_institute_management_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-10764
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 40.30%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 15:31
Updated-06 Nov, 2024 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codezips Online Institute Management System save_user.php unrestricted upload

A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeZips
Product-online_institute_management_systemOnline Institute Management Systemonline_institute_management_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2020-12255
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-52.58% / 98.84%
||
7 Day CHG~0.00%
Published-18 May, 2020 | 14:05
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to vendor.php that contains arbitrary PHP code and changing the content-type to image/gif.

Action-Not Available
Vendor-rconfign/a
Product-rconfign/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10766
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 40.79%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 17:31
Updated-06 Nov, 2024 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codezips Free Exam Hall Seating Management System save_user.php unrestricted upload

A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes and file names.

Action-Not Available
Vendor-CodeZips
Product-free_exam_hall_seating_management_systemFree Exam Hall Seating Management Systemfree_exam_hall_seating_management_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-11122
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 42.46%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:31
Updated-27 Aug, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
上海灵当信息科技有限公司 Lingdang CRM index.php unrestricted upload

A vulnerability, which was classified as critical, has been found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this issue is some unknown functionality of the file /crm/wechatSession/index.php?msgid=1&operation=upload. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-51mis上海灵当信息科技有限公司shanghai_lingdang_information_technology
Product-lingdang_crmLingdang CRMlingdang_crm
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-12077
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-5.61% / 91.98%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 02:20
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution.

Action-Not Available
Vendor-mappresspron/a
Product-mappressn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-11054
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 39.91%
||
7 Day CHG~0.00%
Published-10 Nov, 2024 | 09:31
Updated-14 Nov, 2024 | 02:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Music Cloud Community System ajax.php unrestricted upload

A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argument pp leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_music_cloud_community_systemSimple Music Cloud Community Systemsimple_music_cloud_community_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-11943
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-23.90% / 97.56%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 21:17
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload.

Action-Not Available
Vendor-opmantekn/a
Product-open-auditn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-10934
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.30% / 66.97%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 14:55
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.

Action-Not Available
Vendor-n/aAcyMailing (Altavia Jetpulp SAS, formerly ACYBA)
Product-acymailingn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-1102
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-15.13% / 96.34%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise Server
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-10562
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.46% / 70.47%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 20:47
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads.

Action-Not Available
Vendor-devomen/a
Product-grrn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-10557
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.37% / 68.67%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 14:31
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.

Action-Not Available
Vendor-atutorn/a
Product-acontentn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-11544
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.11% / 61.98%
||
7 Day CHG~0.00%
Published-06 Apr, 2020 | 15:26
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files.

Action-Not Available
Vendor-n/aProjectworlds
Product-official_car_rental_systemn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10420
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.47% / 37.61%
||
7 Day CHG~0.00%
Published-27 Oct, 2024 | 15:31
Updated-29 Oct, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Attendance and Payroll System update.php upload unrestricted upload

A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 1.0. This affects the function upload of the file /marimar/guest/update.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-nurhodelta17SourceCodester
Product-attendance_and_payroll_systemAttendance and Payroll System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10413
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 39.59%
||
7 Day CHG~0.00%
Published-27 Oct, 2024 | 09:31
Updated-29 Oct, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Hotel Reservation System update.php upload unrestricted upload

A vulnerability, which was classified as critical, has been found in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is the function upload of the file /guest/update.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-janobeSourceCodester
Product-online_hotel_reservation_systemOnline Hotel Reservation System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-11451
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-2.66% / 83.84%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 15:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administrator privileges.

Action-Not Available
Vendor-microstrategyn/a
Product-microstrategy_webn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-10963
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-14.67% / 96.25%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 21:23
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.

Action-Not Available
Vendor-frozennoden/a
Product-laravel-administratorn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0933
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.58% / 43.47%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 17:00
Updated-29 May, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Niushop B2B2C Upload.php unrestricted upload

A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-niushopNiushop
Product-b2b2c_multi-businessB2B2C
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0783
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-1.25% / 65.74%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 17:31
Updated-30 May, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Project Worlds Online Admission System documents.php unrestricted upload

A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699.

Action-Not Available
Vendor-online_admission_system_projectProjectworlds
Product-online_admission_systemOnline Admission System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-1027
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.47% / 37.06%
||
7 Day CHG~0.00%
Published-30 Jan, 2024 | 03:00
Updated-30 May, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Facebook News Feed Like Post unrestricted upload

A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-252300.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-facebook_news_feed_likeFacebook News Feed Like
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10161
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 44.49%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 00:31
Updated-21 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Boat Booking System Update Boat Image Page change-image.php unrestricted upload

A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-boat_booking_systemBoat Booking Systemboat_booking_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0468
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.59% / 44.04%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 20:31
Updated-27 Aug, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Fighting Cock Information System new-father.php unrestricted upload

A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/new-father.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250573 was assigned to this vulnerability.

Action-Not Available
Vendor-Source Code & Projects
Product-fighting_cock_information_systemFighting Cock Information System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10410
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.09% / 61.49%
||
7 Day CHG~0.00%
Published-27 Oct, 2024 | 03:31
Updated-29 Oct, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Hotel Reservation System controller.php upload unrestricted upload

A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-janobeSourceCodester
Product-online_hotel_reservation_systemOnline Hotel Reservation Systemonline_hotel_reservation_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-11011
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-1.87% / 76.81%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 16:15
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RCE via file upload in Phproject

In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8.

Action-Not Available
Vendor-Phproject (Alan Hardman-Alanaktion)
Product-phprojectPhproject
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0932
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-31.21% / 98.05%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-2671
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 21.13%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 22:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Yue Lao Blind Box 月老盲盒 Upload.php base64image unrestricted upload

A vulnerability was found in Yue Lao Blind Box 月老盲盒 up to 4.0. It has been declared as critical. This vulnerability affects the function base64image of the file /app/controller/Upload.php. The manipulation of the argument data leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Yue Lao
Product-Blind Box 月老盲盒
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-1024
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-10.41% / 95.18%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:52
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0971
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-13.18% / 95.90%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-1023
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-10.41% / 95.18%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:52
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0931
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-10.70% / 95.27%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverbusiness_productivity_serverssharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft Business Productivity ServersMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-10228
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.88% / 85.17%
||
7 Day CHG~0.00%
Published-14 Sep, 2020 | 19:56
Updated-04 Aug, 2024 | 10:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.

Action-Not Available
Vendor-vtenextn/a
Product-vtenextn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-3800
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.64%
||
7 Day CHG~0.00%
Published-09 Mar, 2026 | 03:32
Updated-10 Mar, 2026 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester/janobe Resort Reservation System controller.php doInsert unrestricted upload

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23janobeSourceCodester
Product-resort_reservation_systemResort Reservation System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0974
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-10.70% / 95.27%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise Server
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-10386
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-12.34% / 95.70%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 13:00
Updated-04 Aug, 2024 | 10:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.

Action-Not Available
Vendor-chadhaajayn/a
Product-phpkbn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0920
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-10.41% / 95.18%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-7054
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.51% / 39.85%
||
7 Day CHG~0.00%
Published-22 Dec, 2023 | 02:00
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Notes Sharing System add-notes.php unrestricted upload

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_notes_sharing_systemOnline Notes Sharing System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-6850
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.84% / 53.42%
||
7 Day CHG~0.00%
Published-16 Dec, 2023 | 08:31
Updated-07 Oct, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
kalcaddle KodExplorer API Endpoint unrestricted upload

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is identified as 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. VDB-248218 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-kodcloudkalcaddle
Product-kodexplorerKodExplorer
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-3748
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.48% / 38.08%
||
7 Day CHG~0.00%
Published-08 Mar, 2026 | 16:02
Updated-11 Mar, 2026 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bytedesk SVG File UploadRestController.java uploadFile unrestricted upload

A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.4.5.1 is able to mitigate this issue. The patch is named 975e39e4dd527596987559f56c5f9f973f64eff7. Upgrading the affected component is recommended.

Action-Not Available
Vendor-bytedeskn/a
Product-bytedeskBytedesk
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-7147
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.60% / 44.41%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 02:31
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
gopeak MasterLab User.php base64ImageContent unrestricted upload

A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-249150 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-masterlabgopeak
Product-masterlabMasterLab
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-3749
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 34.01%
||
7 Day CHG~0.00%
Published-08 Mar, 2026 | 16:02
Updated-11 Mar, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bytedesk SVG File UploadRestService.java handleFileUpload unrestricted upload

A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 1.4.5.1 is able to resolve this issue. This patch is called 975e39e4dd527596987559f56c5f9f973f64eff7. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-bytedeskn/a
Product-bytedeskBytedesk
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-2607
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 28.66%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 21:00
Updated-01 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
phplaozhang LzCMS-LaoZhangBoKeXiTong HTTP POST Request upimage.html unrestricted upload

A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-phplaozhangphplaozhang
Product-lzcms-laozhangbokexitongLzCMS-LaoZhangBoKeXiTong
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-9612
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.70% / 84.09%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 22:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI.

Action-Not Available
Vendor-ofcms_projectn/a
Product-ofcmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0192
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.51% / 39.85%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 20:00
Updated-17 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RRJ Nueva Ecija Engineer Online Portal Add Downloadable downloadable.php unrestricted upload

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability.

Action-Not Available
Vendor-niaRRJ
Product-rrj_nueva_ecija_engineer_online_portalNueva Ecija Engineer Online Portal
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-3797
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 27.50%
||
7 Day CHG~0.00%
Published-09 Mar, 2026 | 02:32
Updated-10 Mar, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tiandy Video Surveillance System 视频监控平台 CLS_REST_File.java uploadFile unrestricted upload

A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLS_REST_File.java. The manipulation of the argument fileName leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-tiandyTiandy
Product-video_surveillance_system_firmwarevideo_surveillance_systemVideo Surveillance System 视频监控平台
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-9608
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.70% / 84.09%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 22:00
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI.

Action-Not Available
Vendor-ofcms_projectn/a
Product-ofcmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 17
  • 18
  • Next
Details not found