Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-27513

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Feb, 2021 | 23:05
Updated At-03 Aug, 2024 | 21:26
Rejected At-
Credits

The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Feb, 2021 | 23:05
Updated At:03 Aug, 2024 | 21:26
Rejected At:
▼CVE Numbering Authority (CNA)

The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/ArianeBlow/exploit-eyesofnetwork5.3.10/blob/main/PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.py
x_refsource_MISC
https://github.com/EyesOfNetworkCommunity/eonweb/issues/87
x_refsource_MISC
Hyperlink: https://github.com/ArianeBlow/exploit-eyesofnetwork5.3.10/blob/main/PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.py
Resource:
x_refsource_MISC
Hyperlink: https://github.com/EyesOfNetworkCommunity/eonweb/issues/87
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/ArianeBlow/exploit-eyesofnetwork5.3.10/blob/main/PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.py
x_refsource_MISC
x_transferred
https://github.com/EyesOfNetworkCommunity/eonweb/issues/87
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/ArianeBlow/exploit-eyesofnetwork5.3.10/blob/main/PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.py
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/EyesOfNetworkCommunity/eonweb/issues/87
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Feb, 2021 | 00:15
Updated At:26 Feb, 2021 | 19:58

The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches

eyesofnetwork
eyesofnetwork
>>eyesofnetwork>>5.3-10
cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarynvd@nist.gov
CWE ID: CWE-434
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/ArianeBlow/exploit-eyesofnetwork5.3.10/blob/main/PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.pycve@mitre.org
Exploit
Third Party Advisory
https://github.com/EyesOfNetworkCommunity/eonweb/issues/87cve@mitre.org
Patch
Third Party Advisory
Hyperlink: https://github.com/ArianeBlow/exploit-eyesofnetwork5.3.10/blob/main/PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.py
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/EyesOfNetworkCommunity/eonweb/issues/87
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1398Records found

CVE-2019-14923
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-4.27% / 89.89%
||
7 Day CHG~0.00%
Published-16 Aug, 2019 | 12:22
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.

Action-Not Available
Vendor-eyesofnetworkn/a
Product-eyesofnetworkn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-16000
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.75% / 75.18%
||
7 Day CHG~0.00%
Published-29 Oct, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php.

Action-Not Available
Vendor-eyesofnetworkn/a
Product-eyesofnetworkn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-15933
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-2.28% / 81.01%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.

Action-Not Available
Vendor-eyesofnetworkn/a
Product-eyesofnetworkn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-15880
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.94% / 77.69%
||
7 Day CHG~0.00%
Published-24 Oct, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).

Action-Not Available
Vendor-eyesofnetworkn/a
Product-eyesofnetworkn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-14405
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-3.53% / 87.84%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php.

Action-Not Available
Vendor-eyesofnetworkn/a
Product-eyesofnetworkn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-14119
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.40% / 81.97%
||
7 Day CHG~0.00%
Published-03 Sep, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter.

Action-Not Available
Vendor-eyesofnetworkn/a
Product-eyesofnetworkn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-14118
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.38% / 81.81%
||
7 Day CHG~0.00%
Published-03 Sep, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php.

Action-Not Available
Vendor-eyesofnetworkn/a
Product-eyesofnetworkn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-33525
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.74% / 93.90%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 19:48
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell.

Action-Not Available
Vendor-eyesofnetworkn/a
Product-eyesofnetworkn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-8654
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-85.65% / 99.70%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 23:55
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.

Action-Not Available
Vendor-eyesofnetworkn/a
Product-eyesofnetworkn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-27887
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.74% / 75.03%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 18:26
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php.

Action-Not Available
Vendor-eyesofnetworkn/a
Product-eyesofnetworkn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-2671
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 21.12%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 22:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Yue Lao Blind Box 月老盲盒 Upload.php base64image unrestricted upload

A vulnerability was found in Yue Lao Blind Box 月老盲盒 up to 4.0. It has been declared as critical. This vulnerability affects the function base64image of the file /app/controller/Upload.php. The manipulation of the argument data leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Yue Lao
Product-Blind Box 月老盲盒
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-26411
Matching Score-4
Assigner-SEC Consult Vulnerability Lab
ShareView Details
Matching Score-4
Assigner-SEC Consult Vulnerability Lab
CVSS Score-8.8||HIGH
EPSS-0.65% / 46.58%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 09:21
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Arbitrary Python File Upload via Plugin Manager

An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web interface to be able to conduct this attack. This issue is fixed in recent firmware versions BSP >= 6.1.0.

Action-Not Available
Vendor-Wattsense
Product-Wattsense Bridge
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2014-125104
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.74% / 50.23%
||
7 Day CHG~0.00%
Published-01 Jun, 2023 | 13:00
Updated-05 Mar, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VaultPress Plugin MailPoet Plugin class.vaultpress-hotfixes.php protect_aioseo_ajax unrestricted upload

A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The patch is named e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263.

Action-Not Available
Vendor-n/aAutomattic Inc.
Product-vaultpressVaultPress Plugin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-2525
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.84% / 53.46%
||
7 Day CHG+0.06%
Published-08 Apr, 2025 | 01:44
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Streamit <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Upload

The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'st_Authentication_Controller::edit_profile' function in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-iqonicdesign
Product-Streamit
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-26350
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.81% / 52.46%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 13:28
Updated-24 Oct, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to upload malicious files via crafted HTTP requests.

Action-Not Available
Vendor-Q-Free
Product-maxtimeMaxTime
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-2606
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 23.59%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 21:00
Updated-25 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Church Management Software soulwinning_crud.php unrestricted upload

A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/soulwinning_crud.php. The manipulation of the argument photo/photo1 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Best Church Management Software
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-2687
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 32.00%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 06:00
Updated-24 Mar, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul eLearning System Image index.php unrestricted upload

A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-janobePHPGurukul LLP
Product-elearning_systemeLearning System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-9374
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 9.38%
||
7 Day CHG~0.00%
Published-24 May, 2026 | 10:30
Updated-26 May, 2026 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
yangzongzhuan RuoYi-Vue Common Upload Endpoint upload FileUploadUtils.upload unrestricted upload

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-yangzongzhuan
Product-RuoYi-Vue
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-2607
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 28.65%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 21:00
Updated-01 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
phplaozhang LzCMS-LaoZhangBoKeXiTong HTTP POST Request upimage.html unrestricted upload

A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-phplaozhangphplaozhang
Product-lzcms-laozhangbokexitongLzCMS-LaoZhangBoKeXiTong
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-24801
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-17.47% / 96.76%
||
7 Day CHG~0.00%
Published-18 Mar, 2025 | 18:32
Updated-01 Aug, 2025 | 00:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GLPI allows authenticated remote code execution

GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.

Action-Not Available
Vendor-GLPI Project
Product-glpiglpi
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-9009
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.45% / 35.79%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 05:30
Updated-28 May, 2026 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crawlomatic Multipage Scraper Post Generator <= 2.7.2 - Authenticated (Author+) Remote Code Execution via 'callback_raw' Shortcode Attribute

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due to passing the attacker-supplied 'callback_raw' shortcode attribute directly into call_user_func() with no sanitization or allowlist validation, relying solely on an is_callable() check that permits dangerous PHP built-ins such as system, shell_exec, exec, passthru, and assert. This makes it possible for authenticated attackers, with author-level access and above, to execute code on the server. An identical sink exists for the 'callback' attribute, providing a second independent vector through the same shortcode.

Action-Not Available
Vendor-CodeRevolution
Product-Crawlomatic Multipage Scraper Post Generator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-9227
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.66% / 47.01%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 06:45
Updated-28 May, 2026 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a flawed strpos() substring check that only verifies whether the filename contains the string '.json' rather than confirming the filename ends with a .json extension, allowing double-extension filenames like shell.json.php to bypass validation. This makes it possible for authenticated attackers, with author-level access and above, to upload files that may be executable, which makes remote code execution possible.

Action-Not Available
Vendor-cssigniterteam
Product-GutenBee – Gutenberg Blocks
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-9860
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.58% / 43.31%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 04:31
Updated-18 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cf_images_do_setup AJAX handler, which requires only the upload_files capability (Author+) rather than manage_options before writing to wp-config.php, combined with the absence of single-quote escaping — sanitize_text_field() does not strip single quotes, and filter_input(INPUT_POST) bypasses wp_magic_quotes() slashing — allowing a single quote in the account-id or api-key parameter to break out of the single-quoted PHP string literal in the write_config() define() statement. This makes it possible for authenticated attackers, with author-level access and above, to execute code on the server. This is possible because the 'cf-images-nonce' nonce required by the AJAX handler is exposed to all Author-level and above users on wp-admin/upload.php via the CFImages JavaScript object, meaning any upload-capable user can satisfy the nonce check and reach the vulnerable wp-config.php write path.

Action-Not Available
Vendor-vanyukov
Product-Offload, AI & Optimize with Cloudflare Images
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2014-1214
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-4.32% / 89.98%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 20:36
Updated-06 Aug, 2024 | 09:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter.

Action-Not Available
Vendor-projoomn/a
Product-smart_flash_headern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-28328
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-64.09% / 99.13%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 18:18
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.

Action-Not Available
Vendor-n/aSalesAgility Ltd.
Product-suitecrmn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-2396
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.62% / 45.45%
||
7 Day CHG~0.00%
Published-17 Mar, 2025 | 05:58
Updated-18 Nov, 2025 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
e-Excellence U-Office Force - Arbitrary File Upload

The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Action-Not Available
Vendor-edetwe-Excellence
Product-u-office_forceU-Office Force
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-7696
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 12.90%
||
7 Day CHG~0.00%
Published-03 May, 2026 | 12:30
Updated-05 May, 2026 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform uploadH5Files unrestricted upload

A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts an unknown function of the file /SubstationWEBV2/main/uploadH5Files. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Acrel Electrical
Product-EEMS Enterprise Power Operation and Maintenance Cloud Platform
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-7732
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 10.68%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 04:30
Updated-05 May, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects BloodBank Managing System request_blood.php unrestricted upload

A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-BloodBank Managing System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-28136
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.94% / 85.44%
||
7 Day CHG~0.00%
Published-17 Nov, 2020 | 19:06
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-tourism_management_systemn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-43436
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.86% / 54.14%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Arbitrary File Upload

The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to manipulate system or disrupt service.

Action-Not Available
Vendor-easy_test_projectHWA JIUH DIGITAL TECHNOLOGY LTD.
Product-easy_testEasyTest
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-2249
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.69% / 48.18%
||
7 Day CHG+0.05%
Published-29 Mar, 2025 | 07:03
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SoJ Soundslides <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload

The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-sojweb
Product-SoJ SoundSlides
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2013-6358
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.72% / 88.45%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 14:23
Updated-06 Aug, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory.

Action-Not Available
Vendor-n/aPrestaShop S.A
Product-prestashopn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42925
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.9||CRITICAL
EPSS-0.86% / 54.14%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 19:58
Updated-06 May, 2025 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type in Forma LMS

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection.

Action-Not Available
Vendor-formalmsForma
Product-formalmsForma LMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-2216
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.69% / 48.14%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 00:00
Updated-25 Mar, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zzskzy Warehouse Refinement Management System SaveCrash.ashx UploadCrash unrestricted upload

A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. Affected by this issue is the function UploadCrash of the file /crash/log/SaveCrash.ashx. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-zzskzyzzskzy
Product-warehouse_refinement_management_systemWarehouse Refinement Management System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-9445
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.47%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 09:15
Updated-26 May, 2026 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple POS and Inventory System File Extension addproduct.php unrestricted upload

A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Simple POS and Inventory System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-6489
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.07%
||
7 Day CHG~0.00%
Published-17 Apr, 2026 | 13:00
Updated-22 Apr, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QueryMine sms Background Management addteacher.php unrestricted upload

A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-QueryMine
Product-sms
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-6518
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.87% / 54.29%
||
7 Day CHG~0.00%
Published-18 Apr, 2026 | 03:37
Updated-22 Apr, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `cmp_theme_update_install` AJAX action. This is due to the function only checking for the `publish_pages` capability (available to Editors and above) instead of `manage_options` (Administrators only), combined with a lack of proper validation on the user-supplied file URL and no verification of the downloaded file's content before extraction. This makes it possible for authenticated attackers, with Administrator-level access and above, to force the server to download and extract a malicious ZIP file from a remote attacker-controlled URL into a web-accessible directory (`wp-content/plugins/cmp-premium-themes/`), resulting in remote code execution. Due to the lack of a nonce for Editors, they are unable to exploit this vulnerability.

Action-Not Available
Vendor-niteo
Product-CMP – Coming Soon & Maintenance Plugin by NiteoThemes
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-2155
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.61%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 14:31
Updated-06 Jun, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Upload in EchoCCS's Specto CM

Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025.

Action-Not Available
Vendor-Echo Call Center Services Trade and Industry Inc.
Product-Specto CM
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-6249
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.62% / 45.51%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 19:57
Updated-25 May, 2026 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vvveb CMS 1.0.8.2 Remote Code Execution via Media Upload

Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious files to the publicly accessible media directory, then request the file over HTTP to achieve full server compromise.

Action-Not Available
Vendor-Vvveb
Product-Vvveb CMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41681
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.9||CRITICAL
EPSS-0.86% / 54.14%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 19:59
Updated-06 May, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Upload vulnerability in Forma LMS

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection.

Action-Not Available
Vendor-formalmsForma
Product-formalmsForma LMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-29624
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.20% / 64.42%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 21:00
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file.

Action-Not Available
Vendor-tpcms_projectn/a
Product-tpcmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-7043
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 10.15%
||
7 Day CHG~0.00%
Published-26 Apr, 2026 | 13:15
Updated-27 Apr, 2026 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GreenCMS index.php pluginAddLocal unrestricted upload

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-n/a
Product-GreenCMS
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-7044
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 10.16%
||
7 Day CHG~0.00%
Published-26 Apr, 2026 | 13:30
Updated-27 Apr, 2026 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GreenCMS index.php themeadd unrestricted upload

A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-n/a
Product-GreenCMS
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-7107
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 10.16%
||
7 Day CHG~0.00%
Published-27 Apr, 2026 | 08:45
Updated-27 Apr, 2026 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Invoice System in Laravel company unrestricted upload

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-Source Code & Projects
Product-Invoice System in Laravel
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-2008
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-1.10% / 61.79%
||
7 Day CHG+0.05%
Published-01 Apr, 2025 | 04:21
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload

The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note this vulnerability was reintroduced in 7.20, and subsequently patched again in 7.20.1.

Action-Not Available
Vendor-smackcoders
Product-WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-2031
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 24.05%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 16:00
Updated-12 May, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ChestnutCMS upload uploadFile unrestricted upload

A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-1000mzn/a
Product-chestnutcmsChestnutCMS
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-25134
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.36% / 87.25%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 14:19
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php.

Action-Not Available
Vendor-observiumn/a
Product-observiumn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-20287
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 21.27%
||
7 Day CHG~0.00%
Published-03 Sep, 2025 | 17:40
Updated-09 Sep, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system. To exploit this vulnerability, an attacker must have at least valid Config Managers credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-evolved_programmable_network_managerCisco Evolved Programmable Network Manager (EPNM)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-6261
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.61% / 44.94%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 11:25
Updated-05 May, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Betheme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution via Icon Pack Upload

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the upload_icons() function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files (including PHP) and achieve remote code execution via the Icons icon-pack upload flow.

Action-Not Available
Vendor-Muffin Group
Product-Betheme
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-6692
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.81% / 52.59%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 04:27
Updated-07 May, 2026 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber+) Arbitrary File Upload via _get_media_url

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files that may be executable, which makes remote code execution possible. The vulnerability was partially patched in version 7.0.10 and fully patched in version 7.0.11.

Action-Not Available
Vendor-Revolution Slider
Product-Slider Revolution
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 27
  • 28
  • Next
Details not found