A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 3.1. Affected is the function ProcessRequest of the file /AcceptZip.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227230 is the identifier assigned to this vulnerability.
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236.
A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted upload. The attack may be performed from remote. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.
A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
A vulnerability has been found in shishuocms 1.1 and classified as critical. This vulnerability affects the function handleRequest of the file src/main/java/com/shishuo/cms/action/manage/ManageUpLoadAction.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This vulnerability affects the function fileAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument save_data leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in kefaming mayi up to 1.3.9 and classified as critical. This vulnerability affects the function Upload of the file app/tools/controller/File.php. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. This affects an unknown part of the file /admin/add_topic.php?category=BBS. The manipulation of the argument Cover Image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks.
A vulnerability has been found in osuuu LightPicture 1.2.2 and classified as critical. This vulnerability affects the function upload of the file /app/controller/Api.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in IBOS 4.5.5. This vulnerability affects unknown code of the component htaccess Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224632.
A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224749 was assigned to this vulnerability.
A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.
A vulnerability was found in Simple Art Gallery 1.0. It has been declared as critical. This vulnerability affects the function sliderPicSubmit of the file adminHome.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-223126 is the identifier assigned to this vulnerability.
A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of the file add_room.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-223554 is the identifier assigned to this vulnerability.
A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223401 was assigned to this vulnerability.
A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. This issue affects some unknown processing of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.upload. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0 and classified as critical. This issue affects some unknown processing of the file upload.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224627.
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
A vulnerability classified as critical has been found in SourceCodester Simple Music Player 1.0. Affected is an unknown function of the file save_music.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223362 is the identifier assigned to this vulnerability.
A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-223367.
A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319.
A vulnerability classified as critical has been found in Simple and Beautiful Shopping Cart System 1.0. This affects an unknown part of the file uploadera.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223551.
A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is the function save_menu. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222979.
A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been published and may be used.
A vulnerability was detected in Bdtask Flight Booking Software up to 3.1. This affects an unknown part of the file /b2c/package-information of the component Package Information Module. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
** UNSUPPORTED WHEN ASSIGNED ** ** DISPUTED ** A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 0c394a795b9c10c07085361e6fcea286ee793701. It is recommended to apply a patch to fix this issue. VDB-257782 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: The issue, discovered in a 20-stars GitHub project (now private) by its author, had CVE requested by a third party 4 years post-resolution, referencing the fix commit (now a broken link). Due to minimal attention and usage, it should not be eligible for CVE according to the project maintainer.
A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file add.php of the component Avatar Image Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221494 is the identifier assigned to this vulnerability.
A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. It has been classified as critical. This affects an unknown part of the file /endpoint/add-image.php. The manipulation of the argument image_name leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258873 was assigned to this vulnerability.
File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file.
A security vulnerability has been detected in code-projects Online Hotel Reservation System 1.0. This affects an unknown function of the file /admin/addexec.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-222683.
A security vulnerability has been detected in Selleo Mentingo up to 2025.08.27. The affected element is an unknown function of the component Profile Picture Handler. The manipulation of the argument userAvatar leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/update-rooms.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060.
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/rooms.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A weakness has been identified in code-projects Online Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/editpicexec.php. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, was found in zhenfeng13 My-BBS 1.0. This affects the function Upload of the file src/main/java/com/my/bbs/controller/common/UploadController.java of the component Endpoint. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This vulnerability affects unknown code of the file /edit-product.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_book.php. The manipulation of the argument image results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/controller.php?action=photos. The manipulation of the argument photo leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
A vulnerability was detected in Selleo Mentingo 2025.08.27. The impacted element is an unknown function of the component Content-Type Handler. The manipulation of the argument userAvatar results in unrestricted upload. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was determined in academico-sis academico up to d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab. Affected by this issue is some unknown functionality of the file /edit-photo of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.