The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.
Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.
Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with ‘NT Authority\SYSTEM‘ privilege via a crafted ZIP archive.
A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232951.
A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the argument filename leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-232952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was identified in Acrel Environmental Monitoring Cloud Platform up to 20250804. This affects an unknown part of the file /NewsManage/UploadNewsImg. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.
Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code.
A vulnerability was identified in GreenCMS up to 2.3.0603. This affects an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. The manipulation of the argument upload[] leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1.5.66 . This makes it possible for authenticated attackers, with contributor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The issue was partially patched in version 1.5.66 and fully patched in 1.5.67. CVE-2023-31231 appears to be a duplicate of this issue.
Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.40.
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page. By sending a series of specially crafted requests to the RemoteClinic application, an attacker can create admin users with more privileges than their own, upload a PHP file containing arbitrary code, and execute arbitrary commands via the PHP shell.
S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file.
alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.
A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component.
ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request
firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type
A vulnerability, which was classified as critical, has been found in zhousg letao up to 7d8df0386a65228476290949e0413de48f7fbe98. This issue affects some unknown processing of the file routes\bf\product.js. The manipulation of the argument pictrdtz leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.
PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.
A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176.
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.
October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. NOTE: the vendor says "I don't think [an attacker able to login to the system under an account that has access to manage/upload themes] is a threat model that we need to be considering.
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.60.
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.
Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources.
Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution.
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function.
A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file.
The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.
A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-230567.
An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014.
PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file,Thus taking over the server and running remote code.
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution.
The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors.
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.