Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-40425

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Jul, 2024 | 00:00
Updated At-02 Aug, 2024 | 04:33
Rejected At-
Credits

File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Jul, 2024 | 00:00
Updated At:02 Aug, 2024 | 04:33
Rejected At:
▼CVE Numbering Authority (CNA)

File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gist.github.com/J1rrY-learn/26524d4714a81cf2d64583069e96f765
N/A
Hyperlink: https://gist.github.com/J1rrY-learn/26524d4714a81cf2d64583069e96f765
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
nanjing_xingyuantu_technology
Product
sparkshop
CPEs
  • cpe:2.3:a:nanjing_xingyuantu_technology:sparkshop:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 1.1.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gist.github.com/J1rrY-learn/26524d4714a81cf2d64583069e96f765
x_transferred
Hyperlink: https://gist.github.com/J1rrY-learn/26524d4714a81cf2d64583069e96f765
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Jul, 2024 | 18:15
Updated At:28 Apr, 2025 | 14:46

File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
sparkshop
sparkshop
>>sparkshop>>Versions before 1.1.7(exclusive)
cpe:2.3:a:sparkshop:sparkshop:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-434
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gist.github.com/J1rrY-learn/26524d4714a81cf2d64583069e96f765cve@mitre.org
Broken Link
https://gist.github.com/J1rrY-learn/26524d4714a81cf2d64583069e96f765af854a3a-2127-422b-91ae-364da2661108
Broken Link
Hyperlink: https://gist.github.com/J1rrY-learn/26524d4714a81cf2d64583069e96f765
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: https://gist.github.com/J1rrY-learn/26524d4714a81cf2d64583069e96f765
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

1189Records found
CVE-2022-43305
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 67.53%
||
7 Day CHG~0.00%
Published-07 Nov, 2022 | 00:00
Updated-05 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-pythonn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-43265
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 75.49%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

Action-Not Available
Vendor-n/amayuri_k
Product-canteen_management_systemn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-43303
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 67.53%
||
7 Day CHG~0.00%
Published-07 Nov, 2022 | 00:00
Updated-05 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-stringsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2012-5190
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.75% / 93.43%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 15:21
Updated-06 Aug, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability

Action-Not Available
Vendor-accusoftn/a
Product-prizm_content_connectn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-4328
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-69.27% / 98.67%
||
7 Day CHG-10.04%
Published-06 Mar, 2023 | 13:34
Updated-04 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server

Action-Not Available
Vendor-najeebmediaUnknown
Product-woocommerce_checkout_field_managerWooCommerce Checkout Field Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-4273
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.36% / 58.09%
||
7 Day CHG~0.00%
Published-03 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Human Resource Management System Content-Type employee.php unrestricted upload

A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-human_resource_management_systemHuman Resource Management Systemhuman_resource_management_system
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-4272
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.36% / 58.35%
||
7 Day CHG~0.00%
Published-03 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FeMiner wms unrestricted upload

A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.

Action-Not Available
Vendor-warehouse_management_system_projectFeMiner
Product-warehouse_management_systemwms
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42443
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.2||LOW
EPSS-0.06% / 19.37%
||
7 Day CHG~0.00%
Published-17 Feb, 2024 | 16:10
Updated-22 Jan, 2025 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Trusteer for mobile file upload

An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535.

Action-Not Available
Vendor-IBM Corporation
Product-trusteer_ios_sdk_for_mobiletrusteer_android_sdk_for_mobileTrusteer iOS SDKTrusteer Android SDK
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-43234
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 74.29%
||
7 Day CHG~0.00%
Published-16 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.

Action-Not Available
Vendor-hooskn/a
Product-hooskn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42698
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 74.96%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 22:15
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary File Upload vulnerability

Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.

Action-Not Available
Vendor-api2cartAPI2Cart
Product-api2cart_bridge_connectorApi2Cart Bridge Connector (WordPress plugin)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-4276
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.23% / 45.81%
||
7 Day CHG~0.00%
Published-03 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
House Rental System POST Request tenant-engine.php unrestricted upload

A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772.

Action-Not Available
Vendor-house_rental_system_projectunspecified
Product-house_rental_systemHouse Rental System
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-43304
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 67.53%
||
7 Day CHG~0.00%
Published-07 Nov, 2022 | 00:00
Updated-05 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-timern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-43074
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 74.29%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 00:00
Updated-01 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

Action-Not Available
Vendor-ayacms_projectn/a
Product-ayacmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42971
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-2.58% / 85.76%
||
7 Day CHG-0.77%
Published-01 Feb, 2023 | 00:00
Updated-05 Feb, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)

Action-Not Available
Vendor-Microsoft CorporationSchneider Electric SE
Product-windows_server_2016apc_easy_ups_online_monitoring_softwareeasy_ups_online_monitoring_softwarewindows_7windows_11windows_10windows_server_2022windows_server_2019Schneider Electric Easy UPS Online Monitoring SoftwareAPC Easy UPS Online Monitoring Software
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-26473
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.74% / 73.23%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 18:38
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated arbitrary file upload and command execution in Vembu products

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server.

Action-Not Available
Vendor-vembun/a
Product-offsite_drbdr_suiten/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41573
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.98% / 93.14%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 75.46%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-yamln/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41381
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 75.46%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-utilityn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42044
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.99%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-19 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-asnsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41705
Matching Score-4
Assigner-Fluid Attacks
ShareView Details
Matching Score-4
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-5.95% / 90.75%
||
7 Day CHG~0.00%
Published-25 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

Action-Not Available
Vendor-uatechn/a
Product-badasoBadaso
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42043
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.99%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-19 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-xmln/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42154
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 74.29%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-14 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file.

Action-Not Available
Vendor-74cmsn/a
Product-74cmssen/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.99%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-19 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-algorithmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41387
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.99%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-pdfsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41383
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.99%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-archivesn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41382
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.97%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-jsonn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-26809
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.78% / 73.94%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 14:32
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-car_rental_portaln/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41386
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.99%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-utilityn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41384
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.99%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-domainsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.99%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-htmln/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42037
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.99%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-asnsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-26740
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.85% / 75.17%
||
7 Day CHG~0.00%
Published-01 Nov, 2021 | 15:32
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code.

Action-Not Available
Vendor-doyocms_projectn/a
Product-doyocmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41711
Matching Score-4
Assigner-Fluid Attacks
ShareView Details
Matching Score-4
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-10.00% / 93.15%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 00:00
Updated-07 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

Action-Not Available
Vendor-uatechn/a
Product-badasoBadaso
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-18643
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.30% / 79.98%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 20:45
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to upload ASPX code and gain remote code execution on the application. The application typically runs as LocalSystem as mandated in the installation guide. Patched in versions 8.10 and 9.4.

Action-Not Available
Vendor-sparkdevnetworkn/a
Product-rock_rmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41217
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
ShareView Details
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
CVSS Score-9.8||CRITICAL
EPSS-0.67% / 71.60%
||
7 Day CHG~0.00%
Published-22 Feb, 2023 | 14:42
Updated-01 Apr, 2025 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cloudflow - Unauthenticated file upload vulnerability

Cloudflow contains a unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage.

Action-Not Available
Vendor-hybridsoftwareHybrid Software
Product-cloudflowCloudflow
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42036
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.99%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-urlsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42039
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.99%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-19 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-listsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42038
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.99%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-19 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.

Action-Not Available
Vendor-democritusn/a
Product-d8s-ip-addressesn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-40050
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.01%
||
7 Day CHG~0.00%
Published-26 Sep, 2022 | 19:11
Updated-21 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1.

Action-Not Available
Vendor-zfilen/a
Product-zfilen/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-40432
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 62.91%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 15:23
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.

Action-Not Available
Vendor-d8s-strings_projectn/a
Product-d8s-stringsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-4047
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-73.30% / 98.82%
||
7 Day CHG~0.00%
Published-26 Dec, 2022 | 12:28
Updated-14 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload

The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE

Action-Not Available
Vendor-wpswingsUnknown
Product-return_refund_and_exchange_for_woocommerceReturn Refund and Exchange For WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-3982
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-72.00% / 98.77%
||
7 Day CHG~0.00%
Published-12 Dec, 2022 | 17:54
Updated-22 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Booking Calendar < 3.2.2 - Unauthenticated Arbitrary File Upload

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE

Action-Not Available
Vendor-UnknownWpDevArt
Product-booking_calendarBooking calendar, Appointment Booking System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-40471
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-90.33% / 99.61%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 00:00
Updated-06 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php

Action-Not Available
Vendor-n/aoretnom23
Product-clinic\'s_patient_management_systemn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-40087
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.04% / 77.70%
||
7 Day CHG~0.00%
Published-22 Sep, 2022 | 21:29
Updated-27 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

Action-Not Available
Vendor-simple_college_website_projectn/a
Product-simple_college_websiten/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-25208
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.02% / 77.44%
||
7 Day CHG~0.00%
Published-23 Jul, 2021 | 13:04
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php.

Action-Not Available
Vendor-travel_management_system_projectn/a
Product-travel_management_systemn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-40037
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.39% / 80.62%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.

Action-Not Available
Vendor-javaweb_blog_projectn/a
Product-javaweb_blogn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-24370
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-79.79% / 99.12%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE

The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.

Action-Not Available
Vendor-radykalUnknown
Product-fancy_product_designerFancy Product Designer
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2011-10004
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.18% / 39.43%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 23:31
Updated-16 Sep, 2024 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
reciply Plugin uploadImage.php unrestricted upload

A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability.

Action-Not Available
Vendor-reciply_projectn/a
Product-reciplyreciply Plugin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-25210
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.94% / 76.54%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 18:52
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php.

Action-Not Available
Vendor-alumni_management_system_projectn/a
Product-alumni_management_systemn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-40431
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 60.25%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 15:11
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.

Action-Not Available
Vendor-d8s-pdfs_projectn/a
Product-d8s-pdfsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • ...
  • 13
  • 14
  • 15
  • ...
  • 23
  • 24
  • Next
Details not found