Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through <= 1.0.5.
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php
The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.
The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the create_media() function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addproduct.php. Performing manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed from remote. The exploit is publicly available and might be used.
A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC00-E.D V6.00 (All versions < V6.0.204), Desigo PXC00/64/128-U V4.10 (All versions < V4.10.111 only with web module), Desigo PXC00/64/128-U V5.00 (All versions < V5.0.171 only with web module), Desigo PXC00/64/128-U V5.10 (All versions < V5.10.69 only with web module), Desigo PXC00/64/128-U V6.00 (All versions < V6.0.204 only with web module), Desigo PXC001-E.D V4.10 (All versions < V4.10.111), Desigo PXC001-E.D V5.00 (All versions < V5.0.171), Desigo PXC001-E.D V5.10 (All versions < V5.10.69), Desigo PXC001-E.D V6.00 (All versions < V6.0.204), Desigo PXC100-E.D V4.10 (All versions < V4.10.111), Desigo PXC100-E.D V5.00 (All versions < V5.0.171), Desigo PXC100-E.D V5.10 (All versions < V5.10.69), Desigo PXC100-E.D V6.00 (All versions < V6.0.204), Desigo PXC12-E.D V4.10 (All versions < V4.10.111), Desigo PXC12-E.D V5.00 (All versions < V5.0.171), Desigo PXC12-E.D V5.10 (All versions < V5.10.69), Desigo PXC12-E.D V6.00 (All versions < V6.0.204), Desigo PXC200-E.D V4.10 (All versions < V4.10.111), Desigo PXC200-E.D V5.00 (All versions < V5.0.171), Desigo PXC200-E.D V5.10 (All versions < V5.10.69), Desigo PXC200-E.D V6.00 (All versions < V6.0.204), Desigo PXC22-E.D V4.10 (All versions < V4.10.111), Desigo PXC22-E.D V5.00 (All versions < V5.0.171), Desigo PXC22-E.D V5.10 (All versions < V5.10.69), Desigo PXC22-E.D V6.00 (All versions < V6.0.204), Desigo PXC22.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC22.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC22.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC22.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC36.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC36.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC36.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC36.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC50-E.D V4.10 (All versions < V4.10.111), Desigo PXC50-E.D V5.00 (All versions < V5.0.171), Desigo PXC50-E.D V5.10 (All versions < V5.10.69), Desigo PXC50-E.D V6.00 (All versions < V6.0.204), Desigo PXM20-E V4.10 (All versions < V4.10.111), Desigo PXM20-E V5.00 (All versions < V5.0.171), Desigo PXM20-E V5.10 (All versions < V5.10.69), Desigo PXM20-E V6.00 (All versions < V6.0.204). A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitrary JavaScript files on the affected site's server which may make remote code execution possible.
A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /editproduct.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit is now public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible granted the attacker can obtain a valid nonce. The nonce is exposed in frontend JavaScript making it trivially accessible to unauthenticated attackers.
Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device.
ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly.
A vulnerability has been found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Impacted is an unknown function of the file /api/v1/courses/ of the component Course Thumbnail Handler. The manipulation of the argument thumbnail leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNotice.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.
The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary file on the server and lead to RCE
Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file via a predictable path and trigger remote code execution.
A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used.
licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029.
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php.
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles).
The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'uni_cpo_upload_file' function in all versions up to, and including, 4.9.54. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/faculty_controller.php. This manipulation of the argument new_image causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code.
Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability
A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover This issue affects MagicINFO 9 Server: less than 21.1090.1.
Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user.
An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images.
SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution.
A weakness has been identified in code-projects Online Music Site 1.0. Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateCategory.php. This manipulation of the argument txtimage causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.
A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /admin_pic.php. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely.
A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server.
A vulnerability has been found in SourceCodester Human Resource Information System 1.0. Affected by this issue is some unknown functionality of the file /Superadmin_Dashboard/process/editemployee_process.php. Such manipulation of the argument employee_file201 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.php?action=update_avatar. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used.