Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-40981

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-10 Nov, 2022 | 21:31
Updated At-16 Sep, 2024 | 23:40
Rejected At-
Credits

ETIC Telecom Remote Access Server Unrestricted Upload of File with Dangerous Type

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:10 Nov, 2022 | 21:31
Updated At:16 Sep, 2024 | 23:40
Rejected At:
▼CVE Numbering Authority (CNA)
ETIC Telecom Remote Access Server Unrestricted Upload of File with Dangerous Type

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.

Affected Products
Vendor
ETIC Telecom
Product
Remote Access Server (RAS)
Default Status
unaffected
Versions
Affected
  • From 0 through 4.5.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

ETIC Telecom recommends updating the firmware of the affected devices to the following versions: * ETIC Telecom RAS: version 4.7.0 or later https://www.etictelecom.com/en/softwares-download/ For the installed devices, ETIC Telecom recommends: * For all firmware versions 4.7.0 and above, only valid configuration files can be uploaded to the device. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.

Configurations
Workarounds
Exploits
Credits
finder
Haviv Vaizman, Hay Mizrachi, Alik Koldobsky, Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01
N/A
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01
x_transferred
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:10 Nov, 2022 | 22:15
Updated At:17 Sep, 2024 | 00:15

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Secondary3.15.9MEDIUM
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CPE Matches
etictelecom
etictelecom
>>ras-c-100-lw>>-
cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-e-100>>-
cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-e-220>>-
cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-e-400>>-
cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ec-220-lw>>-
cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ec-400-lw>>-
cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ec-480-lw>>-
cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ecw-220-lw>>-
cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ecw-400-lw>>-
cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ew-100>>-
cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ew-220>>-
cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>ras-ew-400>>-
cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>rfm-e>>-
cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*
etictelecom
etictelecom
>>remote_access_server_firmware>>Versions up to 4.5.0(inclusive)
cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarynvd@nist.gov
CWE-434Secondaryics-cert@hq.dhs.gov
CWE ID: CWE-434
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-434
Type: Secondary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01ics-cert@hq.dhs.gov
Patch
Third Party Advisory
US Government Resource
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01
Source: ics-cert@hq.dhs.gov
Resource:
Patch
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

121Records found
CVE-2024-52372
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:12
Updated-15 Nov, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy CSV Importer plugin <= 7.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA allows Upload a Web Shell to a Web Server.This issue affects Easy CSV Importer BETA: from n/a through 7.0.0.

Action-Not Available
Vendor-WebTechGlobalwebtechglobal
Product-Easy CSV Importer BETAeasy_csv_importer_beta
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52380
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-29.48% / 96.44%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 17:39
Updated-15 Nov, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Picsmize plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Softpulse Infotech Picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from n/a through 1.0.0.

Action-Not Available
Vendor-Softpulse Infotechsoftpulse_infotech
Product-Picsmizepicsmize
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52377
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 17:42
Updated-15 Nov, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin <= 1.5.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in BdThemes Instant Image Generator allows Upload a Web Shell to a Web Server.This issue affects Instant Image Generator: from n/a through 1.5.4.

Action-Not Available
Vendor-BdThemesBdThemes
Product-Instant Image Generatorinstant_image_generator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-35189
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.33% / 54.96%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 17:12
Updated-28 Oct, 2024 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Iagona ScrutisWeb Unrestricted Upload of File with Dangerous Type

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it.

Action-Not Available
Vendor-iagonaiagona
Product-scrutiswebScrutisWeb
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51788
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-60.75% / 98.23%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 05:59
Updated-12 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Novel Design Store Directory plugin <= 4.3.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from n/a through 4.3.0.

Action-Not Available
Vendor-Joshua Wolfejoshua_wolfe
Product-The Novel Design Store Directorythe_novel_design_store_directory
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51791
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 64.98%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 05:54
Updated-12 Nov, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Forms plugin <= 2.8.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through 2.8.0.

Action-Not Available
Vendor-Made I.T.madeit
Product-Formsforms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51790
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 05:55
Updated-12 Nov, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HB AUDIO GALLERY plugin <= 3.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Team HB WEBSOL HB AUDIO GALLERY allows Upload a Web Shell to a Web Server.This issue affects HB AUDIO GALLERY: from n/a through 3.0.

Action-Not Available
Vendor-Team HB WEBSOLteam_hb_websol
Product-HB AUDIO GALLERYhb_audio_gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50420
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.64% / 69.59%
||
7 Day CHG+0.09%
Published-29 Oct, 2024 | 08:32
Updated-29 Oct, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in adirectory aDirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through 1.3.

Action-Not Available
Vendor-adirectoryadirectory
Product-aDirectoryadirectory
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49607
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-21.80% / 95.54%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:40
Updated-24 Oct, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Dropbox Dropins plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0.

Action-Not Available
Vendor-redwanhilaliRedwan Hilaliredwan_hilali
Product-wp_dropbox_dropinsWP Dropbox Dropinswp_dropbox_dropins
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50482
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-35.56% / 96.94%
||
7 Day CHG+1.14%
Published-29 Oct, 2024 | 07:57
Updated-29 Oct, 2024 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through 1.0.0.

Action-Not Available
Vendor-Chetan Khandlachetan_khandla
Product-Woocommerce Product Designwoocommerce_product_design
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50494
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 64.98%
||
7 Day CHG+0.07%
Published-29 Oct, 2024 | 07:53
Updated-29 Oct, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sudan Payment Gateway for WooCommerce plugin <= 1.2.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Sudan Payment Gateway for WooCommerce: from n/a through 1.2.2.

Action-Not Available
Vendor-Amin Omeramin_omer
Product-Sudan Payment Gateway for WooCommercewc_sudan_payment_gateway
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50493
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-35.56% / 96.94%
||
7 Day CHG+1.14%
Published-29 Oct, 2024 | 07:55
Updated-29 Oct, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Automatic Translation plugin <= 1.0.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation allows Upload a Web Shell to a Web Server.This issue affects Automatic Translation: from n/a through 1.0.4.

Action-Not Available
Vendor-masterhomepagemasterhomepage
Product-Automatic Translationautomatic_translation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50527
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.39% / 59.30%
||
7 Day CHG+0.03%
Published-04 Nov, 2024 | 13:42
Updated-06 Nov, 2024 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder allows Upload a Web Shell to a Web Server.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.

Action-Not Available
Vendor-stacksmarketStacksstacks
Product-stacks_mobile_app_builderStacks Mobile App Builderstacks_mobile_app_builder
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50496
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 64.98%
||
7 Day CHG+0.07%
Published-28 Oct, 2024 | 20:54
Updated-08 Nov, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AR For WordPress plugin <= 6.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through 6.2.

Action-Not Available
Vendor-webandprintWeb and Print Designwebandprintdesign
Product-arAR For WordPressar_for_wordpress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50525
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.54% / 66.74%
||
7 Day CHG+0.04%
Published-04 Nov, 2024 | 13:44
Updated-06 Nov, 2024 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Helloprint plugin <= 2.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Helloprint Plug your WooCommerce into the largest catalog of customized print products from Helloprint allows Upload a Web Shell to a Web Server.This issue affects Plug your WooCommerce into the largest catalog of customized print products from Helloprint: from n/a through 2.0.2.

Action-Not Available
Vendor-helloprintHelloprinthelloprint
Product-helloprintPlug your WooCommerce into the largest catalog of customized print products from Helloprinthelloprint
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50473
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-35.56% / 96.94%
||
7 Day CHG+1.14%
Published-29 Oct, 2024 | 08:30
Updated-29 Oct, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through 3.1.3.

Action-Not Available
Vendor-Ajar Productions
Product-Ajar in5 Embedajar_in5_embed
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49324
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.46% / 63.12%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:51
Updated-24 Oct, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sovratec Case Management plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through 1.0.0.

Action-Not Available
Vendor-sovratecSovratecsovratec
Product-sovratec_case_managementSovratec Case Managementcase_management
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49329
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.64% / 69.59%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:47
Updated-24 Oct, 2024 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP REST API FNS plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Vivek Tamrakar WP REST API FNS allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through 1.0.0.

Action-Not Available
Vendor-vivektamrakarVivek Tamrakarvivek_tamrakar
Product-wp_rest_api_fnsWP REST API FNSwp_rest_api_fns
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49314
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.46% / 63.12%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:19
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JiangQie Free Mini Program plugin <= 2.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in 酱茄 JiangQie Free Mini Program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through 2.5.2.

Action-Not Available
Vendor-酱茄zhuige
Product-JiangQie Free Mini Programjiangqie_free_mini_program
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49327
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 64.98%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:48
Updated-24 Oct, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woostagram Connect plugin <= 1.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through 1.0.2.

Action-Not Available
Vendor-asepbagjapriandanaAsep Bagja Priandanaasepbagjapriandana
Product-woostagram_connectWoostagram Connectwoostagram_connect
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49326
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.46% / 63.12%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:50
Updated-24 Oct, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Affiliator plugin <= 2.1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through 2.1.3.

Action-Not Available
Vendor-vasiliskerasiotisVasilis Kerasiotisvasiliskerasiotis
Product-affiliatorAffiliatoraffiliator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found