Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-7705

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-12 Aug, 2024 | 22:31
Updated At-13 Aug, 2024 | 16:07
Rejected At-
Credits

Fujian mwcms Image Upload uploadeditor.html uploadeditor unrestricted upload

A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argument upfile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:12 Aug, 2024 | 22:31
Updated At:13 Aug, 2024 | 16:07
Rejected At:
▼CVE Numbering Authority (CNA)
Fujian mwcms Image Upload uploadeditor.html uploadeditor unrestricted upload

A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argument upfile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products
Vendor
Fujian
Product
mwcms
Modules
  • Image Upload
Versions
Affected
  • 1.0.0
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload
Metrics
VersionBase scoreBase severityVector
4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
3.04.7MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
2.05.8N/A
AV:N/AC:L/Au:M/C:P/I:P/A:P
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 5.8
Base severity: N/A
Vector:
AV:N/AC:L/Au:M/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
Dee.Mirage (VulDB User)
Timeline
EventDate
Advisory disclosed2024-08-12 00:00:00
VulDB entry created2024-08-12 02:00:00
VulDB entry last update2024-08-12 18:12:05
Event: Advisory disclosed
Date: 2024-08-12 00:00:00
Event: VulDB entry created
Date: 2024-08-12 02:00:00
Event: VulDB entry last update
Date: 2024-08-12 18:12:05
Replaced By

Rejected Reason

References
HyperlinkResource
https://vuldb.com/?id.274183
vdb-entry
technical-description
https://vuldb.com/?ctiid.274183
signature
permissions-required
https://vuldb.com/?submit.385617
third-party-advisory
https://github.com/DeepMountains/Mirage/blob/main/CVE12-1.md
exploit
Hyperlink: https://vuldb.com/?id.274183
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.274183
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.385617
Resource:
third-party-advisory
Hyperlink: https://github.com/DeepMountains/Mirage/blob/main/CVE12-1.md
Resource:
exploit
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
fujian
Product
mwcms
CPEs
  • cpe:2.3:a:fujian:mwcms:1.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.0.0
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:12 Aug, 2024 | 23:15
Updated At:16 Sep, 2024 | 16:15

A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argument upfile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Secondary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Secondary2.05.8MEDIUM
AV:N/AC:L/Au:M/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:M/C:P/I:P/A:P
CPE Matches

mainwww
mainwww
>>mwcms>>1.0.0
cpe:2.3:a:mainwww:mwcms:1.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarycna@vuldb.com
CWE ID: CWE-434
Type: Primary
Source: cna@vuldb.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/DeepMountains/Mirage/blob/main/CVE12-1.mdcna@vuldb.com
Broken Link
https://vuldb.com/?ctiid.274183cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.274183cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?submit.385617cna@vuldb.com
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/DeepMountains/Mirage/blob/main/CVE12-1.md
Source: cna@vuldb.com
Resource:
Broken Link
Hyperlink: https://vuldb.com/?ctiid.274183
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.274183
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?submit.385617
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

102Records found

CVE-2023-1185
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.06% / 19.01%
||
7 Day CHG~0.00%
Published-06 Mar, 2023 | 07:06
Updated-02 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ECshop New Product unrestricted upload

A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222357 was assigned to this vulnerability.

Action-Not Available
Vendor-shopexn/a
Product-ecshopECshop
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-25994
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 46.32%
||
7 Day CHG+0.09%
Published-12 Mar, 2024 | 08:10
Updated-24 Jan, 2025 | 07:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHOENIX CONTACT: Unintended script file upload in CHARX Series

An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3000_firmwarecharx_sec-3000charx_sec-3150_firmwarecharx_sec-3150charx_sec-3050charx_sec-3100_firmwarecharx_sec-3050_firmwarecharx_sec-3100CHARX SEC-3000CHARX SEC-3050CHARX SEC-3150CHARX SEC-3100charx_sec_3100charx_sec_3150charx_sec_3050charx_sec_3000
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-4732
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.7||MEDIUM
EPSS-0.87% / 74.33%
||
7 Day CHG~0.00%
Published-24 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type in microweber/microweber

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-5131
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.07% / 22.80%
||
7 Day CHG~0.00%
Published-24 May, 2025 | 20:31
Updated-03 Jun, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tmall Demo uploadCategoryImage unrestricted upload

A vulnerability was found in Tmall Demo up to 20250505. It has been declared as critical. This vulnerability affects the function uploadCategoryImage of the file tmall/admin/uploadCategoryImage. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-project_teamTmall
Product-tmall_demoDemo
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-5130
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 16.79%
||
7 Day CHG~0.00%
Published-24 May, 2025 | 20:00
Updated-16 Jun, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tmall Demo uploadProductImage unrestricted upload

A vulnerability was found in Tmall Demo up to 20250505. It has been classified as critical. This affects the function uploadProductImage of the file tmall/admin/uploadProductImage. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-project_teamTmall
Product-tmall_demoDemo
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-4926
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 16.79%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 09:31
Updated-19 May, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Car Rental Project post-avehical.php unrestricted upload

A vulnerability was found in PHPGurukul Car Rental Project 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/post-avehical.php. The manipulation of the argument img1/img2/img3/img4/img5 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Car Rental Project
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-5059
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 16.79%
||
7 Day CHG~0.00%
Published-21 May, 2025 | 22:31
Updated-28 May, 2025 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Shopping Portal edit-subcategory.php unrestricted upload

A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument productimage1/productimage2/productimage3 leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodes
Product-online_shopping_portalOnline Shopping Portal
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-1442
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 13.49%
||
7 Day CHG~0.00%
Published-17 Mar, 2023 | 06:28
Updated-22 Nov, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Meizhou Qingyunke QYKCMS Update api.php unrestricted upload

A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223287.

Action-Not Available
Vendor-qykcmsMeizhou Qingyunke
Product-qykcmsQYKCMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-0257
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 12.80%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 21:09
Updated-02 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Food Ordering System Menu Form unrestricted upload

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image with the input <?php system($_GET['c']); ?> leads to unrestricted upload. The attack can be launched remotely. The identifier VDB-218185 was assigned to this vulnerability.

Action-Not Available
Vendor-online_food_ordering_system_projectSourceCodester
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-4232
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 10.79%
||
7 Day CHG+0.01%
Published-30 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Event Registration System unrestricted upload

A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-rinvizleSourceCodester
Product-event_registration_systemEvent Registration System
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-1918
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.02% / 4.60%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 13:00
Updated-17 Dec, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Byzoro Smart S42 Management Platform userattestation.php unrestricted upload

A vulnerability has been found in Byzoro Smart S42 Management Platform up to 20240219 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument hidwel leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254839. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-byzoroByzoro
Product-smart_s42_management_platformSmart S42 Management Platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-2059
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 16.55%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 11:31
Updated-10 Dec, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Petrol Pump Management Software service_crud.php unrestricted upload

A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_crud.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-255374 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-petrol_pump_managementPetrol Pump Management Softwarepetrol_pump_management
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-1818
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 16.55%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 14:31
Updated-07 Dec, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro Membership Management System Logo unrestricted upload

A vulnerability was found in CodeAstro Membership Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /uploads/ of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254606 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-CodeAstro
Product-membership_management_systemMembership Management Systemmembership_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-1921
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.12% / 32.03%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 15:00
Updated-18 Dec, 2024 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
osuuu LightPicture Setup.php unrestricted upload

A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Affected is an unknown function of the file /app/controller/Setup.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254856.

Action-Not Available
Vendor-osuuuosuuu
Product-lightpictureLightPicture
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-20296
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.25% / 48.47%
||
7 Day CHG+0.02%
Published-17 Jul, 2024 | 16:28
Updated-07 Apr, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Softwareidentity_services_engine_software
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-2058
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 16.55%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 10:12
Updated-10 Dec, 2024 | 23:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Petrol Pump Management Software product.php unrestricted upload

A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/product.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255373 was assigned to this vulnerability.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-petrol_pump_managementPetrol Pump Management Softwarepetrol_pump_management
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-13138
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.11% / 29.86%
||
7 Day CHG+0.03%
Published-05 Jan, 2025 | 10:31
Updated-10 Jan, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wangl1989 mysiteforme LocalUploadServiceImpl upload unrestricted upload

A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-wangl1989wangl1989
Product-mysiteformemysiteforme
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-1253
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.10% / 29.03%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 17:00
Updated-10 Jun, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Byzoro Smart S40 Management Platform Import web.php unrestricted upload

A vulnerability, which was classified as critical, has been found in Byzoro Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-byzoroByzoro
Product-smart_s40smart_s40_firmwareSmart S40 Management Platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-11214
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.18% / 40.34%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 16:00
Updated-19 Nov, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Employee Management System profile.php unrestricted upload

A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-best_employee_management_systemBest Employee Management Systembest_employee_management_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-3549
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.15% / 36.53%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 01:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Cold Storage Management System Avatar unrestricted upload

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_cold_storage_management_systemSimple Cold Storage Management System
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-4310
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 13.41%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 03:31
Updated-13 May, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Content Management System add_topic.php unrestricted upload

A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. This affects an unknown part of the file /admin/add_topic.php?category=BBS. The manipulation of the argument Cover Image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-emiloiITSourceCode
Product-content_management_systemContent Management System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-4006
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 14.75%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 07:00
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
youyiio BeyongCms Document Management Page Upload.html unrestricted upload

A vulnerability classified as critical has been found in youyiio BeyongCms 1.6.0. Affected is an unknown function of the file /admin/theme/Upload.html of the component Document Management Page. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-youyiio
Product-BeyongCms
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-3798
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.07% / 21.04%
||
7 Day CHG~0.00%
Published-19 Apr, 2025 | 10:00
Updated-15 Jul, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WCMS Advertisement Image AdvadminController.php sub unrestricted upload

A vulnerability, which was classified as critical, has been found in WCMS 11. This issue affects the function sub of the file app/admin/AdvadminController.php of the component Advertisement Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-wcmsn/a
Product-wcmsWCMS
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-3565
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.07% / 21.82%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 12:00
Updated-21 May, 2025 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
huanfenz/code-projects StudentManager Announcement Management Section uploadArticle.do unrestricted upload

A vulnerability classified as critical was found in huanfenz/code-projects StudentManager 1.0. This vulnerability affects unknown code of the file /upload/uploadArticle.do of the component Announcement Management Section. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-huanfenzhuanfenzSource Code & Projects
Product-studentmanagerStudentManager
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-3123
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.13% / 33.06%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 22:31
Updated-28 May, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WonderCMS Theme Installation/Plugin Installation installUpdateModuleAction unrestricted upload

A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains, that "[t]he philosophy has always been, admin [...] bear responsibility to not install themes/plugins from untrusted sources."

Action-Not Available
Vendor-wondercmsn/a
Product-wondercmsWonderCMS
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-2749
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.31% / 53.31%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 04:56
Updated-15 Apr, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Gym Management System unrestricted upload

A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/index.php?view_exercises. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206017 was assigned to this vulnerability.

Action-Not Available
Vendor-Adrian MercurioSourceCodester
Product-gym_management_systemGym Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-27692
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-0.34% / 56.38%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 00:24
Updated-11 Jul, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite Repository
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-5919
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.06% / 19.49%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:31
Updated-27 Feb, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Company Website CMS Create Blog Page createblog unrestricted upload

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-244310 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-company_website_cms_projectSourceCodester
Product-company_website_cmsCompany Website CMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-1590
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 19.43%
||
7 Day CHG~0.00%
Published-23 Feb, 2025 | 18:31
Updated-28 Feb, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester E-Learning System List of Lessons Page index.php unrestricted upload

A vulnerability was found in SourceCodester E-Learning System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/lesson/index.php of the component List of Lessons Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely.

Action-Not Available
Vendor-janobeSourceCodester
Product-e-learning_systemE-Learning System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-1593
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.07% / 20.50%
||
7 Day CHG~0.00%
Published-23 Feb, 2025 | 20:00
Updated-28 Feb, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Employee Management System Profile Picture unrestricted upload

A vulnerability classified as critical has been found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /_hr_soft/assets/uploadImage/Profile/ of the component Profile Picture Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_employee_management_systemBest Employee Management System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-0346
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.11% / 29.48%
||
7 Day CHG+0.03%
Published-09 Jan, 2025 | 09:00
Updated-27 Feb, 2025 | 02:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Content Management System Publish News Page publishnews.php unrestricted upload

A vulnerability was found in code-projects Content Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/publishnews.php of the component Publish News Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-content_management_systemContent Management System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-0582
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.08% / 24.01%
||
7 Day CHG+0.01%
Published-20 Jan, 2025 | 03:00
Updated-07 Feb, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Farm Management System add-pig.php unrestricted upload

A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigphoto leads to unrestricted upload. The attack can be initiated remotely.

Action-Not Available
Vendor-ITSourceCodeAngel Jude Reyes Suarez
Product-tailoring_management_systemFarm Management System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-0722
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 26.04%
||
7 Day CHG+0.01%
Published-26 Jan, 2025 | 23:31
Updated-16 Apr, 2025 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
needyamin image_gallery Cover Image gallery.php unrestricted upload

A vulnerability classified as critical was found in needyamin image_gallery 1.0. This vulnerability affects unknown code of the file /admin/gallery.php of the component Cover Image Handler. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-needyaminneedyamin
Product-image_gallery_management_systemimage_gallery
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-0399
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 26.13%
||
7 Day CHG~0.00%
Published-12 Jan, 2025 | 23:00
Updated-13 Jan, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
StarSea99 starsea-mall uploadController.java UploadController unrestricted upload

A vulnerability was found in StarSea99 starsea-mall 1.0. It has been declared as critical. This vulnerability affects the function UploadController of the file src/main/java/com/siro/mall/controller/common/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-StarSea99
Product-starsea-mall
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-1184
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.06% / 19.01%
||
7 Day CHG~0.00%
Published-06 Mar, 2023 | 07:04
Updated-02 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ECshop Backup Database database.php unrestricted upload

A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file admin/database.php of the component Backup Database Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222356.

Action-Not Available
Vendor-shopexn/a
Product-ecshopECshop
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9855
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 12:31
Updated-30 Jul, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

Action-Not Available
Vendor-n/a07FLY
Product-07flycmscustomer_relationship_management07FLY-CMS07FlyCRM07FLYCMS07fly-cms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9280
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.23% / 45.52%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 12:00
Updated-04 Oct, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
kalvinGit kvf-admin FileUploadKit.java fileUpload unrestricted upload

A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUploadKit.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Action-Not Available
Vendor-kvf-admin_projectkalvinGitkalvingit
Product-kvf-adminkvf-adminkvf-admin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9904
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.29% / 52.11%
||
7 Day CHG~0.00%
Published-13 Oct, 2024 | 01:31
Updated-30 Jul, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
07FLYCMS/07FLY-CMS/07FlyCRM pictureUpload unrestricted upload

A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

Action-Not Available
Vendor-n/azero_takeoff07FLY
Product-07flycmscustomer_relationship_management07FLY-CMS07FlyCRM07FLYCMS07fly-cms07flycms07flycrm
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9816
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 22:00
Updated-17 Oct, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codezips Tourist Management System change-image.php unrestricted upload

A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeZips
Product-tourist_management_systemTourist Management Systemtourist_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9815
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 21:31
Updated-17 Oct, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codezips Tourist Management System create-package.php unrestricted upload

A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeZips
Product-tourist_management_systemTourist Management Systemtourist_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9903
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-12 Oct, 2024 | 23:00
Updated-30 Jul, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
07FLYCMS/07FLY-CMS/07FlyCRM fileUpload unrestricted upload

A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

Action-Not Available
Vendor-n/azero_takeoff07FLY
Product-07flycmscustomer_relationship_management07FLY-CMS07FlyCRM07FLYCMS07fly-cms07flycms07flycrm
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-8166
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.24% / 47.31%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 14:31
Updated-27 Aug, 2024 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie EG2000K index.php unrestricted upload

A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-eg2000keg2000k_firmwareEG2000Keg2000k_firmware
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-1837
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.81% / 73.24%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 05:25
Updated-15 Apr, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Home Clean Services Management System unrestricted upload

A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but demands an authentication. Exploit details have been disclosed to the public.

Action-Not Available
Vendor-home_clean_services_management_system_projectunspecified
Product-home_clean_services_management_systemHome Clean Services Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-7917
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.26% / 48.82%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 22:31
Updated-21 Aug, 2024 | 12:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DouPHP Favicon system.php unrestricted upload

A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-doucon/adouphp
Product-douphpDouPHPdouphp
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-6595
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-3||LOW
EPSS-0.09% / 26.04%
||
7 Day CHG~0.00%
Published-17 Jul, 2024 | 01:30
Updated-17 Sep, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Search Path Element in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-6647
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 17.85%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 18:00
Updated-01 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Croogo Setting Theme unrestricted upload

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Croogo up to 4.0.7. This affects an unknown part of the file admin/settings/settings/prefix/Theme of the component Setting Handler. The manipulation of the argument Content-Type leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271053 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-n/acroogo
Product-Croogocroogo
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9278
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 14.20%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 11:00
Updated-27 Sep, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HuankeMao SCRM Administrator Backend WxkConfig.php upload_domain_verification_file unrestricted upload

A vulnerability, which was classified as critical, has been found in HuankeMao SCRM up to 0.0.3. Affected by this issue is the function upload_domain_verification_file of the file WxkConfig.php of the component Administrator Backend. The manipulation of the argument domain_verification_file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-HuankeMaohuankemao
Product-SCRMscrm
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-1559
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 16.29%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 11:31
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Storage Unit Rental Management System unrestricted upload

A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. This vulnerability affects unknown code of the file classes/Users.php?f=save. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223552.

Action-Not Available
Vendor-storage_unit_rental_management_system_projectSourceCodester
Product-storage_unit_rental_management_systemStorage Unit Rental Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-0943
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.68% / 70.63%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 19:59
Updated-02 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best POS Management System Image save_settings unrestricted upload

A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with the input ../../shell.php leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591.

Action-Not Available
Vendor-best_pos_management_system_projectSourceCodester
Product-best_pos_management_systemBest POS Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-5043
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.08% / 25.45%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 11:31
Updated-05 Mar, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Emlog Pro setting.php unrestricted upload

A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264740. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-emlogn/aemlog_pro_project
Product-emlogEmlog Proemlog_pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found