Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-7268

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-02 Jul, 2019 | 16:43
Updated At-04 Aug, 2024 | 20:46
Rejected At-
Credits

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:02 Jul, 2019 | 16:43
Updated At:04 Aug, 2024 | 20:46
Rejected At:
▼CVE Numbering Authority (CNA)

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://applied-risk.com/labs/advisories
x_refsource_MISC
https://www.applied-risk.com/resources/ar-2019-006
x_refsource_MISC
http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html
x_refsource_MISC
https://www.us-cert.gov/ics/advisories/icsa-20-184-01
x_refsource_MISC
Hyperlink: https://applied-risk.com/labs/advisories
Resource:
x_refsource_MISC
Hyperlink: https://www.applied-risk.com/resources/ar-2019-006
Resource:
x_refsource_MISC
Hyperlink: http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html
Resource:
x_refsource_MISC
Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-20-184-01
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://applied-risk.com/labs/advisories
x_refsource_MISC
x_transferred
https://www.applied-risk.com/resources/ar-2019-006
x_refsource_MISC
x_transferred
http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html
x_refsource_MISC
x_transferred
https://www.us-cert.gov/ics/advisories/icsa-20-184-01
x_refsource_MISC
x_transferred
Hyperlink: https://applied-risk.com/labs/advisories
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.applied-risk.com/resources/ar-2019-006
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-20-184-01
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:02 Jul, 2019 | 17:15
Updated At:13 Oct, 2022 | 19:52

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
nortekcontrol
nortekcontrol
>>linear_emerge_50p_firmware>>Versions up to 4.6.07(inclusive)
cpe:2.3:o:nortekcontrol:linear_emerge_50p_firmware:*:*:*:*:*:*:*:*
nortekcontrol
nortekcontrol
>>linear_emerge_50p>>-
cpe:2.3:h:nortekcontrol:linear_emerge_50p:-:*:*:*:*:*:*:*
nortekcontrol
nortekcontrol
>>linear_emerge_5000p_firmware>>Versions up to 4.6.07(inclusive)
cpe:2.3:o:nortekcontrol:linear_emerge_5000p_firmware:*:*:*:*:*:*:*:*
nortekcontrol
nortekcontrol
>>linear_emerge_5000p>>-
cpe:2.3:h:nortekcontrol:linear_emerge_5000p:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarynvd@nist.gov
CWE ID: CWE-434
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.htmlcve@mitre.org
Exploit
Third Party Advisory
VDB Entry
https://applied-risk.com/labs/advisoriescve@mitre.org
Broken Link
Not Applicable
Third Party Advisory
https://www.applied-risk.com/resources/ar-2019-006cve@mitre.org
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-184-01cve@mitre.org
Third Party Advisory
US Government Resource
Hyperlink: http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://applied-risk.com/labs/advisories
Source: cve@mitre.org
Resource:
Broken Link
Not Applicable
Third Party Advisory
Hyperlink: https://www.applied-risk.com/resources/ar-2019-006
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-20-184-01
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

175Records found
CVE-2024-51789
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.39% / 59.31%
||
7 Day CHG+0.03%
Published-11 Nov, 2024 | 05:57
Updated-12 Nov, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Classify plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify allows Upload a Web Shell to a Web Server.This issue affects Image Classify: from n/a through 1.0.0.

Action-Not Available
Vendor-UjW0Lujwol
Product-Image Classifyimage_classify
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51790
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.39% / 59.31%
||
7 Day CHG+0.03%
Published-11 Nov, 2024 | 05:55
Updated-12 Nov, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HB AUDIO GALLERY plugin <= 3.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Team HB WEBSOL HB AUDIO GALLERY allows Upload a Web Shell to a Web Server.This issue affects HB AUDIO GALLERY: from n/a through 3.0.

Action-Not Available
Vendor-Team HB WEBSOLteam_hb_websol
Product-HB AUDIO GALLERYhb_audio_gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51791
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.54% / 66.75%
||
7 Day CHG+0.04%
Published-11 Nov, 2024 | 05:54
Updated-12 Nov, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Forms plugin <= 2.8.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through 2.8.0.

Action-Not Available
Vendor-Made I.T.madeit
Product-Formsforms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51788
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-60.75% / 98.23%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 05:59
Updated-12 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Novel Design Store Directory plugin <= 4.3.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from n/a through 4.3.0.

Action-Not Available
Vendor-Joshua Wolfejoshua_wolfe
Product-The Novel Design Store Directorythe_novel_design_store_directory
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-24.00% / 95.82%
||
7 Day CHG+0.94%
Published-30 Oct, 2024 | 07:54
Updated-01 Nov, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AR For Woocommerce plugin <= 6.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For Woocommerce allows Upload a Web Shell to a Web Server.This issue affects AR For Woocommerce: from n/a through 6.2.

Action-Not Available
Vendor-Web and Print Design
Product-AR For Woocommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50420
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.64% / 69.60%
||
7 Day CHG+0.09%
Published-29 Oct, 2024 | 08:32
Updated-29 Oct, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in adirectory aDirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through 1.3.

Action-Not Available
Vendor-adirectoryadirectory
Product-aDirectoryadirectory
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50484
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.94% / 75.35%
||
7 Day CHG+0.14%
Published-29 Oct, 2024 | 07:56
Updated-29 Oct, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2.

Action-Not Available
Vendor-mahlamusamahlamusa
Product-Multi Purpose Mail Formmulti_purpose_mail_form
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50493
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-35.56% / 96.94%
||
7 Day CHG+1.14%
Published-29 Oct, 2024 | 07:55
Updated-29 Oct, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Automatic Translation plugin <= 1.0.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation allows Upload a Web Shell to a Web Server.This issue affects Automatic Translation: from n/a through 1.0.4.

Action-Not Available
Vendor-masterhomepagemasterhomepage
Product-Automatic Translationautomatic_translation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50527
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.39% / 59.31%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:42
Updated-06 Nov, 2024 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder allows Upload a Web Shell to a Web Server.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.

Action-Not Available
Vendor-stacksmarketStacksstacks
Product-stacks_mobile_app_builderStacks Mobile App Builderstacks_mobile_app_builder
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50496
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 65.00%
||
7 Day CHG+0.07%
Published-28 Oct, 2024 | 20:54
Updated-08 Nov, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AR For WordPress plugin <= 6.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through 6.2.

Action-Not Available
Vendor-webandprintWeb and Print Designwebandprintdesign
Product-arAR For WordPressar_for_wordpress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50495
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 65.00%
||
7 Day CHG+0.07%
Published-28 Oct, 2024 | 20:56
Updated-08 Nov, 2024 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Plugin Propagator plugin <= 0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WidgiLabs Plugin Propagator allows Upload a Web Shell to a Web Server.This issue affects Plugin Propagator: from n/a through 0.1.

Action-Not Available
Vendor-widgilabsWidgiLabswidgilabs
Product-plugin_propagatorPlugin Propagatorplugin_propagator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50473
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-35.56% / 96.94%
||
7 Day CHG+1.14%
Published-29 Oct, 2024 | 08:30
Updated-29 Oct, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through 3.1.3.

Action-Not Available
Vendor-Ajar Productions
Product-Ajar in5 Embedajar_in5_embed
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50523
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.39% / 59.31%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:46
Updated-06 Nov, 2024 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All Post Contact Form plugin <= 1.7.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allows Upload a Web Shell to a Web Server.This issue affects All Post Contact Form: from n/a through 1.7.3.

Action-Not Available
Vendor-rainbow-linkRainbowLink Inc.rainbowlink
Product-all_post_contact_formAll Post Contact Formall_post_contact_form
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50526
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.92% / 75.01%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:43
Updated-06 Nov, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2.

Action-Not Available
Vendor-lindenimahlamusamahlamusa
Product-multi_purpose_mail_formMulti Purpose Mail Formmulti_purpose_mail_form
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50531
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.39% / 59.31%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:39
Updated-06 Nov, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RSVPMaker for Toastmasters plugin <= 6.2.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4.

Action-Not Available
Vendor-carrcommunicationsDavid F. Carrdavidfcarr
Product-rsvpmakerRSVPMaker for Toastmastersrsvpmarker
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49291
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 65.00%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:20
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cooked Pro plugin < 1.8.0 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.

Action-Not Available
Vendor-Gora Tech LLCboxystudio
Product-Cooked Procooked
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49611
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 65.00%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 07:59
Updated-23 Oct, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Website Showcase plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Paxman Product Website Showcase allows Upload a Web Shell to a Web Server.This issue affects Product Website Showcase: from n/a through 1.0.

Action-Not Available
Vendor-paxmanPaxmanpaxman
Product-product_website_showcaseProduct Website Showcaseproduct_website_showcase
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49257
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 65.00%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 12:56
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Azz Anonim Posting plugin <= 0.9 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9.

Action-Not Available
Vendor-Denisdenis
Product-Azz Anonim Postingazz_anonim_posting
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49326
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.46% / 63.13%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:50
Updated-24 Oct, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Affiliator plugin <= 2.1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through 2.1.3.

Action-Not Available
Vendor-vasiliskerasiotisVasilis Kerasiotisvasiliskerasiotis
Product-affiliatorAffiliatoraffiliator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49668
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-61.80% / 98.27%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:36
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Verbalize WP plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Admin Verbalize WP Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from n/a through 1.0.

Action-Not Available
Vendor-Adminadmin
Product-Verbalize WPverbalize
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49324
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.46% / 63.13%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:51
Updated-24 Oct, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sovratec Case Management plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through 1.0.0.

Action-Not Available
Vendor-sovratecSovratecsovratec
Product-sovratec_case_managementSovratec Case Managementcase_management
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49327
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 65.00%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:48
Updated-24 Oct, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woostagram Connect plugin <= 1.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through 1.0.2.

Action-Not Available
Vendor-asepbagjapriandanaAsep Bagja Priandanaasepbagjapriandana
Product-woostagram_connectWoostagram Connectwoostagram_connect
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49610
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.46% / 63.13%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:38
Updated-24 Oct, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress photokit plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through 1.0.

Action-Not Available
Vendor-jackzhuJack Zhujack_zhu
Product-photokitphotokitphotokit
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49607
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-27.05% / 96.19%
||
7 Day CHG+5.25%
Published-20 Oct, 2024 | 08:40
Updated-24 Oct, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Dropbox Dropins plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0.

Action-Not Available
Vendor-redwanhilaliRedwan Hilaliredwan_hilali
Product-wp_dropbox_dropinsWP Dropbox Dropinswp_dropbox_dropins
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-3120
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-12.25% / 93.60%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 14:24
Updated-03 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images.

Action-Not Available
Vendor-n/aYour Inspiration Solutions S.L.U. (YITH) (YITHEMES)
Product-yith_woocommerce_gift_cardsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found