Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-8166

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-26 Aug, 2024 | 14:31
Updated At-26 Aug, 2024 | 15:36
Rejected At-
Credits

Ruijie EG2000K index.php unrestricted upload

A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:26 Aug, 2024 | 14:31
Updated At:26 Aug, 2024 | 15:36
Rejected At:
▼CVE Numbering Authority (CNA)
Ruijie EG2000K index.php unrestricted upload

A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products
Vendor
Ruijie Networks Co., Ltd.Ruijie
Product
EG2000K
Versions
Affected
  • 11.1(6)B2
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload
Metrics
VersionBase scoreBase severityVector
4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
3.04.7MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
2.05.8N/A
AV:N/AC:L/Au:M/C:P/I:P/A:P
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 5.8
Base severity: N/A
Vector:
AV:N/AC:L/Au:M/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
qiuhui (VulDB User)
Timeline
EventDate
Advisory disclosed2024-08-26 00:00:00
VulDB entry created2024-08-26 02:00:00
VulDB entry last update2024-08-26 09:30:21
Event: Advisory disclosed
Date: 2024-08-26 00:00:00
Event: VulDB entry created
Date: 2024-08-26 02:00:00
Event: VulDB entry last update
Date: 2024-08-26 09:30:21
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.275764
vdb-entry
technical-description
https://vuldb.com/?ctiid.275764
signature
permissions-required
https://vuldb.com/?submit.393750
third-party-advisory
https://github.com/qiuhuihk/cve/blob/main/ruijie.md
exploit
Hyperlink: https://vuldb.com/?id.275764
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.275764
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.393750
Resource:
third-party-advisory
Hyperlink: https://github.com/qiuhuihk/cve/blob/main/ruijie.md
Resource:
exploit
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Ruijie Networks Co., Ltd.ruijie
Product
eg2000k_firmware
CPEs
  • cpe:2.3:o:ruijie:eg2000k_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 11.1\(6\)b2
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:26 Aug, 2024 | 15:15
Updated At:27 Aug, 2024 | 13:03

A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Secondary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Secondary2.05.8MEDIUM
AV:N/AC:L/Au:M/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:M/C:P/I:P/A:P
CPE Matches
Ruijie Networks Co., Ltd.
ruijie
>>eg2000k_firmware>>11.1\(6\)b2
cpe:2.3:o:ruijie:eg2000k_firmware:11.1\(6\)b2:*:*:*:*:*:*:*
Ruijie Networks Co., Ltd.
ruijie
>>eg2000k>>-
cpe:2.3:h:ruijie:eg2000k:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarycna@vuldb.com
CWE ID: CWE-434
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/qiuhuihk/cve/blob/main/ruijie.mdcna@vuldb.com
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.275764cna@vuldb.com
Permissions Required
https://vuldb.com/?id.275764cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.393750cna@vuldb.com
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/qiuhuihk/cve/blob/main/ruijie.md
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.275764
Source: cna@vuldb.com
Resource:
Permissions Required
Hyperlink: https://vuldb.com/?id.275764
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.393750
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

116Records found
CVE-2024-9855
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 12:31
Updated-30 Jul, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

Action-Not Available
Vendor-n/a07FLY
Product-07flycmscustomer_relationship_management07FLY-CMS07FlyCRM07FLYCMS07fly-cms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9280
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.23% / 45.52%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 12:00
Updated-04 Oct, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
kalvinGit kvf-admin FileUploadKit.java fileUpload unrestricted upload

A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUploadKit.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Action-Not Available
Vendor-kvf-admin_projectkalvinGitkalvingit
Product-kvf-adminkvf-adminkvf-admin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9904
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.29% / 52.11%
||
7 Day CHG~0.00%
Published-13 Oct, 2024 | 01:31
Updated-30 Jul, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
07FLYCMS/07FLY-CMS/07FlyCRM pictureUpload unrestricted upload

A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

Action-Not Available
Vendor-n/azero_takeoff07FLY
Product-07flycmscustomer_relationship_management07FLY-CMS07FlyCRM07FLYCMS07fly-cms07flycms07flycrm
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9816
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 22:00
Updated-17 Oct, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codezips Tourist Management System change-image.php unrestricted upload

A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeZips
Product-tourist_management_systemTourist Management Systemtourist_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9815
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 21:31
Updated-17 Oct, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codezips Tourist Management System create-package.php unrestricted upload

A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeZips
Product-tourist_management_systemTourist Management Systemtourist_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9903
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-12 Oct, 2024 | 23:00
Updated-30 Jul, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
07FLYCMS/07FLY-CMS/07FlyCRM fileUpload unrestricted upload

A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

Action-Not Available
Vendor-n/azero_takeoff07FLY
Product-07flycmscustomer_relationship_management07FLY-CMS07FlyCRM07FLYCMS07fly-cms07flycms07flycrm
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-1837
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.81% / 73.24%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 05:25
Updated-15 Apr, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Home Clean Services Management System unrestricted upload

A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but demands an authentication. Exploit details have been disclosed to the public.

Action-Not Available
Vendor-home_clean_services_management_system_projectunspecified
Product-home_clean_services_management_systemHome Clean Services Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-7917
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.26% / 48.82%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 22:31
Updated-21 Aug, 2024 | 12:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DouPHP Favicon system.php unrestricted upload

A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-doucon/adouphp
Product-douphpDouPHPdouphp
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-6647
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 17.85%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 18:00
Updated-01 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Croogo Setting Theme unrestricted upload

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Croogo up to 4.0.7. This affects an unknown part of the file admin/settings/settings/prefix/Theme of the component Setting Handler. The manipulation of the argument Content-Type leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271053 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-n/acroogo
Product-Croogocroogo
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9278
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 14.20%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 11:00
Updated-27 Sep, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HuankeMao SCRM Administrator Backend WxkConfig.php upload_domain_verification_file unrestricted upload

A vulnerability, which was classified as critical, has been found in HuankeMao SCRM up to 0.0.3. Affected by this issue is the function upload_domain_verification_file of the file WxkConfig.php of the component Administrator Backend. The manipulation of the argument domain_verification_file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-HuankeMaohuankemao
Product-SCRMscrm
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-1559
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 16.29%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 11:31
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Storage Unit Rental Management System unrestricted upload

A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. This vulnerability affects unknown code of the file classes/Users.php?f=save. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223552.

Action-Not Available
Vendor-storage_unit_rental_management_system_projectSourceCodester
Product-storage_unit_rental_management_systemStorage Unit Rental Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-0943
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.68% / 70.63%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 19:59
Updated-02 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best POS Management System Image save_settings unrestricted upload

A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with the input ../../shell.php leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591.

Action-Not Available
Vendor-best_pos_management_system_projectSourceCodester
Product-best_pos_management_systemBest POS Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-7706
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.10% / 28.84%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 22:31
Updated-22 Aug, 2024 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fujian mwcms uploadfile.html uploadimage unrestricted upload

A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-mainwwwFujianfujian
Product-mwcmsmwcmsmwcms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-5043
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.08% / 25.45%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 11:31
Updated-05 Mar, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Emlog Pro setting.php unrestricted upload

A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264740. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-emlogn/aemlog_pro_project
Product-emlogEmlog Proemlog_pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4681
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.26% / 49.00%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 17:00
Updated-20 Feb, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Legal Case Management System Setting general-setting unrestricted upload

A vulnerability, which was classified as critical, was found in Campcodes Legal Case Management System 1.0. Affected is an unknown function of the file /admin/general-setting of the component Setting Handler. The manipulation of the argument favicon/logo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263622 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-CampCodes
Product-legal_case_management_systemLegal Case Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-2754
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.06% / 19.43%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 07:00
Updated-18 Feb, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Complete E-Commerce Site users_photo.php unrestricted upload

A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257544.

Action-Not Available
Vendor-donbermoySourceCodester
Product-complete_e-commerce_siteComplete E-Commerce Sitecomplete_ecommerce_site
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found