Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-5919

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-02 Nov, 2023 | 13:31
Updated At-27 Feb, 2025 | 18:51
Rejected At-
Credits

SourceCodester Company Website CMS Create Blog Page createblog unrestricted upload

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-244310 is the identifier assigned to this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:02 Nov, 2023 | 13:31
Updated At:27 Feb, 2025 | 18:51
Rejected At:
▼CVE Numbering Authority (CNA)
SourceCodester Company Website CMS Create Blog Page createblog unrestricted upload

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-244310 is the identifier assigned to this vulnerability.

Affected Products
Vendor
SourceCodesterSourceCodester
Product
Company Website CMS
Modules
  • Create Blog Page
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
3.04.7MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
2.05.8N/A
AV:N/AC:L/Au:M/C:P/I:P/A:P
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 5.8
Base severity: N/A
Vector:
AV:N/AC:L/Au:M/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
analyst
pursuithappiness (VulDB User)
Timeline
EventDate
Advisory disclosed2023-11-02 00:00:00
VulDB entry created2023-11-02 01:00:00
VulDB entry last update2023-11-02 09:22:39
Event: Advisory disclosed
Date: 2023-11-02 00:00:00
Event: VulDB entry created
Date: 2023-11-02 01:00:00
Event: VulDB entry last update
Date: 2023-11-02 09:22:39
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.244310
vdb-entry
https://vuldb.com/?ctiid.244310
signature
permissions-required
https://www.jianshu.com/p/a451953f36f1?v=1698808954608
exploit
Hyperlink: https://vuldb.com/?id.244310
Resource:
vdb-entry
Hyperlink: https://vuldb.com/?ctiid.244310
Resource:
signature
permissions-required
Hyperlink: https://www.jianshu.com/p/a451953f36f1?v=1698808954608
Resource:
exploit
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.244310
vdb-entry
x_transferred
https://vuldb.com/?ctiid.244310
signature
permissions-required
x_transferred
https://www.jianshu.com/p/a451953f36f1?v=1698808954608
exploit
x_transferred
Hyperlink: https://vuldb.com/?id.244310
Resource:
vdb-entry
x_transferred
Hyperlink: https://vuldb.com/?ctiid.244310
Resource:
signature
permissions-required
x_transferred
Hyperlink: https://www.jianshu.com/p/a451953f36f1?v=1698808954608
Resource:
exploit
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:02 Nov, 2023 | 14:15
Updated At:17 May, 2024 | 02:33

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-244310 is the identifier assigned to this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Secondary2.05.8MEDIUM
AV:N/AC:L/Au:M/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:M/C:P/I:P/A:P
CPE Matches
company_website_cms_project
company_website_cms_project
>>company_website_cms>>1.0
cpe:2.3:a:company_website_cms_project:company_website_cms:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarycna@vuldb.com
CWE ID: CWE-434
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://vuldb.com/?ctiid.244310cna@vuldb.com
Permissions Required
Third Party Advisory
https://vuldb.com/?id.244310cna@vuldb.com
Third Party Advisory
https://www.jianshu.com/p/a451953f36f1?v=1698808954608cna@vuldb.com
Exploit
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.244310
Source: cna@vuldb.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: https://vuldb.com/?id.244310
Source: cna@vuldb.com
Resource:
Third Party Advisory
Hyperlink: https://www.jianshu.com/p/a451953f36f1?v=1698808954608
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

592Records found
CVE-2024-9975
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.31%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 11:00
Updated-16 Oct, 2024 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Drag and Drop Image Upload upload.php unrestricted upload

A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-remyandradeSourceCodester
Product-drag_and_drop_image_uploadDrag and Drop Image Uploaddrag_and_drop_image_upload
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-8170
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 67.63%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 15:31
Updated-27 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Zipped Folder Manager App add-folder.php unrestricted upload

A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the argument folder leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-remyandradeSourceCodester
Product-zipped_folder_manager_appZipped Folder Manager Appzipped_folder_manager_app
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-8342
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.41% / 60.27%
||
7 Day CHG~0.00%
Published-30 Aug, 2024 | 15:31
Updated-04 Sep, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Petshop Management System add_client.php unrestricted upload

A vulnerability, which was classified as critical, has been found in SourceCodester Petshop Management System 1.0. This issue affects some unknown processing of the file /controllers/add_client.php. The manipulation of the argument image_profile leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-nelzkie15SourceCodester
Product-petshop_management_systemPetshop Management Systempetshop_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-8341
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 59.39%
||
7 Day CHG~0.00%
Published-30 Aug, 2024 | 15:00
Updated-04 Sep, 2024 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Petshop Management System add_user.php unrestricted upload

A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/add_user.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-nelzkie15SourceCodester
Product-pet_shop_management_systemPetshop Management Systempetshop_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-6801
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.55%
||
7 Day CHG+0.06%
Published-17 Jul, 2024 | 01:31
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Student Management System add-students.php unrestricted upload

A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0. This issue affects some unknown processing of the file /add-students.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271703.

Action-Not Available
Vendor-janobeSourceCodester
Product-online_student_management_systemOnline Student Management Systemonline_student_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-6280
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.18%
||
7 Day CHG~0.00%
Published-24 Jun, 2024 | 03:00
Updated-06 Sep, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Online Bidding System unrestricted upload

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269493 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_online_bidding_systemSimple Online Bidding Systemsimple_online_bidding_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-6439
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.61%
||
7 Day CHG-0.02%
Published-02 Jul, 2024 | 11:00
Updated-01 Aug, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Home Owners Collection Management System unrestricted upload

A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270167.

Action-Not Available
Vendor-home_owners_collection_management_system_projectSourceCodester
Product-home_owners_collection_management_systemHome Owners Collection Management Systemhome_owners_collection_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4927
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.17% / 37.95%
||
7 Day CHG+0.02%
Published-16 May, 2024 | 02:31
Updated-09 Dec, 2024 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Online Bidding System unrestricted upload

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264463.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_online_bidding_systemSimple Online Bidding Systemsimple_online_bidding_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4966
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.22% / 44.57%
||
7 Day CHG+0.03%
Published-16 May, 2024 | 08:00
Updated-10 Feb, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester SchoolWebTech home.php unrestricted upload

A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been classified as critical. Affected is an unknown function of the file /improve/home.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-264534 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-sinamjacksonSourceCodester
Product-schoolwebtechSchoolWebTech
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4921
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 50.19%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 00:31
Updated-10 Feb, 2025 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee and Visitor Gate Pass Logging System unrestricted upload

A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /employee_gatepass/classes/Users.php?f=ssave. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264456.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-employee_and_visitor_gate_pass_logging_systemEmployee and Visitor Gate Pass Logging Systememployee_visitor_gatepass_logging_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4920
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.27% / 50.18%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 00:00
Updated-10 Feb, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Discussion Forum Site registerH.php unrestricted upload

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file registerH.php. The manipulation of the argument ima leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264455.

Action-Not Available
Vendor-SourceCodesterrazormist
Product-online_discussion_forum_siteOnline Discussion Forum Siteonline_discussion_forum_site
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4809
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.40%
||
7 Day CHG+0.03%
Published-13 May, 2024 | 00:31
Updated-11 Feb, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Open Source Clinic Management System setting.php unrestricted upload

A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file setting.php. The manipulation of the argument logo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263929 was assigned to this vulnerability.

Action-Not Available
Vendor-nikhil-bhaleraoSourceCodester
Product-open_source_clinic_management_systemOpen Source Clinic Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4349
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.20% / 41.82%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 23:00
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Pisay Online E-Learning System controller.php unrestricted upload

A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262489 was assigned to this vulnerability.

Action-Not Available
Vendor-donbermoySourceCodester
Product-pisay_online_e-learning_systemPisay Online E-Learning System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-3948
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 41.08%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 11:00
Updated-10 Feb, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Home Clean Service System Photo student.add.php unrestricted upload

A vulnerability was found in SourceCodester Home Clean Service System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file \admin\student.add.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261440.

Action-Not Available
Vendor-library_system_projectSourceCodester
Product-library_systemHome Clean Service Systemhome_cleaning_service_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-3129
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 24.08%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 16:00
Updated-21 Nov, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Image Accordion Gallery App add-image.php unrestricted upload

A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. It has been classified as critical. This affects an unknown part of the file /endpoint/add-image.php. The manipulation of the argument image_name leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258873 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodester
Product-Image Accordion Gallery Appimage_accordion_gallery_app
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-2930
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.33% / 54.87%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 23:31
Updated-18 Feb, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Music Gallery Site unrestricted upload

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=save_music. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258001 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-music_gallery_siteMusic Gallery Sitemusic_gallery_site
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-2849
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 24.04%
||
7 Day CHG~0.00%
Published-23 Mar, 2024 | 17:31
Updated-18 Feb, 2025 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple File Manager unrestricted upload

A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-ganeshrktSourceCodester
Product-simple_file_manager_web_appSimple File Managersimple_file_manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-2690
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.14% / 34.68%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 10:00
Updated-18 Feb, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Discussion Forum Site uupdate.php unrestricted upload

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is an unknown function of the file /uupdate.php. The manipulation of the argument ima leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257388.

Action-Not Available
Vendor-SourceCodesterrazormist
Product-online_discussion_forum_siteOnline Discussion Forum Siteonline_discussion_forum_site
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-2604
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 24.08%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 21:00
Updated-10 Apr, 2025 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester File Manager App update-file.php unrestricted upload

A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257182 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodester
Product-File Manager Appfile_management_app
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-1875
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.13% / 32.94%
||
7 Day CHG~0.00%
Published-25 Feb, 2024 | 23:31
Updated-10 Dec, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php unrestricted upload

A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. This issue affects some unknown processing of the file users/register-complaint.php of the component Lodge Complaint Section. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254723.

Action-Not Available
Vendor-razormistSourceCodester
Product-complaint_management_systemComplaint Management Systemcomplaint_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-1598
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.72%
||
7 Day CHG~0.00%
Published-23 Feb, 2025 | 23:31
Updated-28 Feb, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Church Management Software asset_crud.php unrestricted upload

A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/asset_crud.php. The manipulation of the argument photo1 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_church_management_softwareBest Church Management Software
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-1739
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 20.60%
||
7 Day CHG~0.00%
Published-30 Mar, 2023 | 20:31
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple and Beautiful Shopping Cart System upload.php unrestricted upload

A vulnerability was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0 and classified as critical. This issue affects some unknown processing of the file upload.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224627.

Action-Not Available
Vendor-simple_and_beautiful_shopping_cart_system_projectSourceCodester
Product-simple_and_beautiful_shopping_cart_systemSimple and Beautiful Shopping Cart System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-1479
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 20.88%
||
7 Day CHG~0.00%
Published-18 Mar, 2023 | 08:25
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Music Player save_music.php unrestricted upload

A vulnerability classified as critical has been found in SourceCodester Simple Music Player 1.0. Affected is an unknown function of the file save_music.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223362 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-simple_music_player_projectSourceCodester
Product-simple_music_playerSimple Music Player
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-5377
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 30.92%
||
7 Day CHG~0.00%
Published-26 May, 2024 | 21:00
Updated-10 Feb, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Vehicle Management System newvehicle.php unrestricted upload

A vulnerability was found in SourceCodester Vehicle Management System 1.0. It has been classified as critical. This affects an unknown part of the file /newvehicle.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266289 was assigned to this vulnerability.

Action-Not Available
Vendor-warrendaloyanSourceCodester
Product-vehicle_management_systemVehicle Management Systemvehicle_service_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-5145
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.34%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 22:31
Updated-10 Feb, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Vehicle Management System HTTP POST Request newdriver.php unrestricted upload

A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265289 was assigned to this vulnerability.

Action-Not Available
Vendor-warrendaloyanSourceCodester
Product-vehicle_management_systemVehicle Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-5047
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.21% / 44.06%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 13:31
Updated-10 Feb, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Management System controller.php unrestricted upload

A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264744.

Action-Not Available
Vendor-kabir-m-alhasanSourceCodester
Product-student_management_systemStudent Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4945
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.48%
||
7 Day CHG+0.03%
Published-16 May, 2024 | 05:00
Updated-10 Feb, 2025 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Courier Management System view_parcel.php unrestricted upload

A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file view_parcel.php. The manipulation of the argument id leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264480.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-best_courier_management_systemBest Courier Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4820
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.11%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 14:00
Updated-11 Feb, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Computer and Laptop Store unrestricted upload

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263941 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_computer_and_laptop_storeOnline Computer and Laptop Store
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4946
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 52.30%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 05:31
Updated-10 Feb, 2025 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Art Gallery Management System adminHome.php unrestricted upload

A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/adminHome.php. The manipulation of the argument sliderpic leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264481 was assigned to this vulnerability.

Action-Not Available
Vendor-donbermoySourceCodester
Product-online_art_gallery_management_systemOnline Art Gallery Management Systemonline_art_gallery_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4500
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 18.12%
||
7 Day CHG~0.00%
Published-05 May, 2024 | 18:00
Updated-10 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System edit-photo.php unrestricted upload

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Employee/edit-photo.php. The manipulation of the argument userImage leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263104.

Action-Not Available
Vendor-fast5SourceCodester
Product-prison_management_systemPrison Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-36580
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.29% / 51.47%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 19:44
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file.

Action-Not Available
Vendor-online_ordering_system_projectn/a
Product-online_ordering_systemn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-36285
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.2||HIGH
EPSS-1.85% / 82.27%
||
7 Day CHG+1.00%
Published-23 Aug, 2022 | 15:48
Updated-20 Feb, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.

Action-Not Available
Vendor-uploading_svg\,_webp_and_ico_files_projectdmitrylitvinov
Product-uploading_svg\,_webp_and_ico_filesUploading SVG, WEBP and ICO files (WordPress plugin)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-13908
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.2||HIGH
EPSS-0.31% / 53.48%
||
7 Day CHG~0.00%
Published-08 Mar, 2025 | 07:04
Updated-13 Mar, 2025 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SMTP by BestWebSoft <= 1.1.9 - Authenticated (Administrator+) Arbitrary File Upload

The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-BestWebSoft
Product-smtpSMTP by BestWebSoft
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-36769
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.12% / 31.00%
||
7 Day CHG~0.00%
Published-26 Apr, 2023 | 02:52
Updated-31 Jan, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cloud Pak for Data file upload

IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftcloud_pak_for_dataCloud Pak for Data
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-36582
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.29% / 51.47%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 19:44
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

Action-Not Available
Vendor-n/amayuri_k
Product-garage_management_systemn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-19422
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-81.16% / 99.12%
||
7 Day CHG~0.00%
Published-21 Nov, 2018 | 00:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

Action-Not Available
Vendor-intelliantsn/a
Product-subrion_cmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-36066
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.26% / 78.55%
||
7 Day CHG~0.00%
Published-29 Sep, 2022 | 19:35
Updated-23 Apr, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse vulnerable to RCE via admins uploading maliciously zipped file

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-34965
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-2.22% / 83.83%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files.

Action-Not Available
Vendor-openteknikn/aopenteknik
Product-open_source_social_networkn/aopen_source_social_network
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-3552
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.2||HIGH
EPSS-53.73% / 97.91%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-12 May, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type in boxbilling/boxbilling

Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.

Action-Not Available
Vendor-boxbillingboxbilling
Product-boxbillingboxbilling/boxbilling
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-2268
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.06% / 18.34%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 22:31
Updated-12 Mar, 2025 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
keerti1924 Online-Book-Store-Website unrestricted upload

A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been classified as critical. Affected is an unknown function of the file /product_update.php?update=1. The manipulation of the argument update_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256038 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-keerti1924keerti1924keerti1924
Product-online_bookstore_websiteOnline-Book-Store-Websiteonline_bookstore
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-13723
Matching Score-4
Assigner-KoreLogic Security
ShareView Details
Matching Score-4
Assigner-KoreLogic Security
CVSS Score-7.2||HIGH
EPSS-0.17% / 38.69%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 22:02
Updated-06 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Checkmk NagVis Remote Code Execution

The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.

Action-Not Available
Vendor-Checkmk GmbH
Product-NagVis
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-22152
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8||HIGH
EPSS-0.22% / 44.45%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 11:48
Updated-23 May, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Import Export for WooCommerce Plugin <= 2.3.7 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7.

Action-Not Available
Vendor-webtoffeeWebToffee
Product-product_import_export_for_woocommerceProduct Import Export for WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-3521
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.08% / 24.38%
||
7 Day CHG+0.02%
Published-09 Apr, 2024 | 22:31
Updated-01 Aug, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Byzoro Smart S80 Management Platform userattestation.php unrestricted upload

A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Byzorobyzoro
Product-Smart S80 Management Platformsmart_s80
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-5961
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.2||HIGH
EPSS-1.28% / 78.78%
||
7 Day CHG~0.00%
Published-03 Jul, 2025 | 13:44
Updated-09 Jul, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvivid_upload_import_files' function in all versions up to, and including, 0.9.116. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: Uploaded files are only accessible on WordPress instances running on the NGINX web server as the existing .htaccess within the target file upload folder prevents access on Apache servers.

Action-Not Available
Vendor-wpvividwpvividplugins
Product-migration\,_backup\,_stagingMigration, Backup, Staging – WPvivid Backup & Migration
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-3416
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.2||HIGH
EPSS-13.27% / 93.89%
||
7 Day CHG~0.00%
Published-09 Jan, 2023 | 22:13
Updated-09 Apr, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPtouch < 4.3.45 - Admin+ Arbitrary File Upload

The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

Action-Not Available
Vendor-bravenewcodeUnknown
Product-wptouchWPtouch
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-34578
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.43% / 61.44%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 19:38
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page.

Action-Not Available
Vendor-opensourceposn/a
Product-open_source_point_of_salen/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-13869
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.2||HIGH
EPSS-10.15% / 92.82%
||
7 Day CHG~0.00%
Published-22 Feb, 2025 | 12:39
Updated-05 Mar, 2025 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Migration, Backup, Staging – WPvivid <= 0.9.112 - Authenticated (Admin+) Arbitrary File Upload via wpvivid_upload_file

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_files' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: Uploaded files are only accessible on WordPress instances running on the NGINX web server as the existing .htaccess within the target file upload folder prevents access on Apache servers.

Action-Not Available
Vendor-wpvividwpvividplugins
Product-wpvivid_backup_\&_migrationMigration, Backup, Staging – WPvivid Backup & Migration
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-34685
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-1.97% / 82.78%
||
7 Day CHG~0.00%
Published-08 Nov, 2021 | 03:37
Updated-04 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution).

Action-Not Available
Vendor-n/aHitachi, Ltd.
Product-vantara_pentahon/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-35244
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-6.8||MEDIUM
EPSS-19.20% / 95.13%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-16 Sep, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.Microsoft Corporation
Product-windowsorion_platformOrion Platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-35290
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.21% / 43.27%
||
7 Day CHG~0.00%
Published-24 Feb, 2023 | 00:00
Updated-12 Mar, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page.

Action-Not Available
Vendor-balero_cms_projectn/a
Product-balero_cmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 11
  • 12
  • Next
Details not found