The Download Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dpwap_plugin_locInstall function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files.
File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259631.
A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. This vulnerability affects unknown code of the file classes/Users.php?f=save. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223552.
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file.
A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223287.
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259630 is the identifier assigned to this vulnerability.
A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/products/controller.php?action=add of the component Products Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223215.
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 3.5.12. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the /patch/ directory. This allows the attacker to execute arbitrary commands on the server, potentially leading to full system compromise.
The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image.
The CSV Me plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'csv_me_options_page' function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a web-accessible directory.
An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration.
The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install.
A vulnerability was found in Guizhou 115cms 4.2. It has been classified as problematic. Affected is an unknown function of the file /admin/content/index. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222738 is the identifier assigned to this vulnerability.
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvivid_upload_import_files' function in all versions up to, and including, 0.9.116. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: Uploaded files are only accessible on WordPress instances running on the NGINX web server as the existing .htaccess within the target file upload folder prevents access on Apache servers.
File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page.
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (image.php) where the upload_caption parameter is not properly sanitized. An attacker with administrative privileges can use directory traversal sequences (../../../) in the upload_caption field to overwrite critical system files outside the intended upload directory. This can lead to complete compromise of the web application by overwriting configuration files, executable scripts, or other critical system components. The vulnerability was discovered by Hubert Wojciechowski and affects the image.php component in the admin interface.
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution through the Media Manager import feature.
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.php in the web application directory.
A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality.
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess.
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php.
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the system, which could then be executed. Exploitation of this issue does not require user interaction.
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63.
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.
Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files.
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it."
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administrator privileges.
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the do_updatecar and createcar functions in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.
The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, enabling remote code execution.
Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Using Malicious Files. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.3.
Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability.
Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.