Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-4310

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-06 May, 2025 | 03:31
Updated At-06 May, 2025 | 14:22
Rejected At-
Credits

itsourcecode Content Management System add_topic.php unrestricted upload

A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. This affects an unknown part of the file /admin/add_topic.php?category=BBS. The manipulation of the argument Cover Image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:06 May, 2025 | 03:31
Updated At:06 May, 2025 | 14:22
Rejected At:
▼CVE Numbering Authority (CNA)
itsourcecode Content Management System add_topic.php unrestricted upload

A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. This affects an unknown part of the file /admin/add_topic.php?category=BBS. The manipulation of the argument Cover Image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Products
Vendor
ITSourceCodeitsourcecode
Product
Content Management System
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-434Unrestricted Upload
CWECWE-284Improper Access Controls
Type: CWE
CWE ID: CWE-434
Description: Unrestricted Upload
Type: CWE
CWE ID: CWE-284
Description: Improper Access Controls
Metrics
VersionBase scoreBase severityVector
4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
3.04.7MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
2.05.8N/A
AV:N/AC:L/Au:M/C:P/I:P/A:P
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 5.8
Base severity: N/A
Vector:
AV:N/AC:L/Au:M/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
XuepengZ (VulDB User)
Timeline
EventDate
Advisory disclosed2025-05-05 00:00:00
VulDB entry created2025-05-05 02:00:00
VulDB entry last update2025-05-05 15:00:59
Event: Advisory disclosed
Date: 2025-05-05 00:00:00
Event: VulDB entry created
Date: 2025-05-05 02:00:00
Event: VulDB entry last update
Date: 2025-05-05 15:00:59
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.307413
vdb-entry
technical-description
https://vuldb.com/?ctiid.307413
signature
permissions-required
https://vuldb.com/?submit.564206
third-party-advisory
https://github.com/ZhaoxuepengS/CVE-vul/issues/1
exploit
issue-tracking
https://itsourcecode.com/
product
Hyperlink: https://vuldb.com/?id.307413
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.307413
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.564206
Resource:
third-party-advisory
Hyperlink: https://github.com/ZhaoxuepengS/CVE-vul/issues/1
Resource:
exploit
issue-tracking
Hyperlink: https://itsourcecode.com/
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ZhaoxuepengS/CVE-vul/issues/1
exploit
Hyperlink: https://github.com/ZhaoxuepengS/CVE-vul/issues/1
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:06 May, 2025 | 04:16
Updated At:13 May, 2025 | 20:21

A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. This affects an unknown part of the file /admin/add_topic.php?category=BBS. The manipulation of the argument Cover Image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Primary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary2.05.8MEDIUM
AV:N/AC:L/Au:M/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:M/C:P/I:P/A:P
CPE Matches
emiloi
emiloi
>>content_management_system>>1.0
cpe:2.3:a:emiloi:content_management_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-284Secondarycna@vuldb.com
CWE-434Secondarycna@vuldb.com
CWE-434Primarynvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-434
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-434
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/ZhaoxuepengS/CVE-vul/issues/1cna@vuldb.com
Exploit
Issue Tracking
Third Party Advisory
https://itsourcecode.com/cna@vuldb.com
Product
https://vuldb.com/?ctiid.307413cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.307413cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.564206cna@vuldb.com
Third Party Advisory
VDB Entry
https://github.com/ZhaoxuepengS/CVE-vul/issues/1134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://github.com/ZhaoxuepengS/CVE-vul/issues/1
Source: cna@vuldb.com
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://itsourcecode.com/
Source: cna@vuldb.com
Resource:
Product
Hyperlink: https://vuldb.com/?ctiid.307413
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.307413
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.564206
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/ZhaoxuepengS/CVE-vul/issues/1
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Issue Tracking
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

564Records found
CVE-2023-6308
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 40.70%
||
7 Day CHG~0.00%
Published-27 Nov, 2023 | 01:31
Updated-02 Aug, 2024 | 08:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xiamen Four-Faith Video Surveillance Management System Apache Struts unrestricted upload

A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-four-faithXiamen Four-Faith
Product-video_surveillance_management_systemVideo Surveillance Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10999
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.24% / 47.49%
||
7 Day CHG+0.02%
Published-08 Nov, 2024 | 08:00
Updated-04 Jun, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro Real Estate Management System About Us Page aboutadd.php unrestricted upload

A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeAstro
Product-real_estate_management_systemReal Estate Management Systemreal_estate_management_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10413
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 46.04%
||
7 Day CHG+0.04%
Published-27 Oct, 2024 | 09:31
Updated-29 Oct, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Hotel Reservation System update.php upload unrestricted upload

A vulnerability, which was classified as critical, has been found in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is the function upload of the file /guest/update.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-janobeSourceCodester
Product-online_hotel_reservation_systemOnline Hotel Reservation System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10353
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.37%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 23:31
Updated-30 Oct, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Exam System admin-dashboard access control

A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /admin-dashboard. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This affects a different product and is a different issue than CVE-2024-40480.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_exam_systemOnline Exam System
CWE ID-CWE-284
Improper Access Control
CVE-2024-11000
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.16% / 37.79%
||
7 Day CHG+0.01%
Published-08 Nov, 2024 | 08:00
Updated-04 Jun, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro Real Estate Management System About Us Page aboutedit.php unrestricted upload

A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeAstro
Product-real_estate_management_systemReal Estate Management Systemreal_estate_management_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10293
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.27%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 16:00
Updated-30 Oct, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZZCMS functions.php Ebak_SetGotoPak unrestricted upload

A vulnerability was found in ZZCMS 2023. It has been classified as critical. Affected is the function Ebak_SetGotoPak of the file 3/Ebbak5.1/upload/class/functions.php. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-zzcmsn/azzcms
Product-zzcmsZZCMSzzcms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10766
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.12%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 17:31
Updated-06 Nov, 2024 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codezips Free Exam Hall Seating Management System save_user.php unrestricted upload

A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes and file names.

Action-Not Available
Vendor-CodeZips
Product-free_exam_hall_seating_management_systemFree Exam Hall Seating Management Systemfree_exam_hall_seating_management_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-11122
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.33%
||
7 Day CHG+0.01%
Published-12 Nov, 2024 | 12:31
Updated-27 Aug, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
上海灵当信息科技有限公司 Lingdang CRM index.php unrestricted upload

A vulnerability, which was classified as critical, has been found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this issue is some unknown functionality of the file /crm/wechatSession/index.php?msgid=1&operation=upload. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-51mis上海灵当信息科技有限公司shanghai_lingdang_information_technology
Product-lingdang_crmLingdang CRMlingdang_crm
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10993
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.37%
||
7 Day CHG+0.01%
Published-08 Nov, 2024 | 05:31
Updated-18 Nov, 2024 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codezips Online Institute Management System manage_website.php unrestricted upload

A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeZips
Product-online_institute_management_systemOnline Institute Management Systemonline_institute_management_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10764
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 39.15%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 15:31
Updated-06 Nov, 2024 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codezips Online Institute Management System save_user.php unrestricted upload

A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeZips
Product-online_institute_management_systemOnline Institute Management Systemonline_institute_management_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-10994
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 39.03%
||
7 Day CHG+0.01%
Published-08 Nov, 2024 | 06:00
Updated-18 Nov, 2024 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codezips Online Institute Management System edit_user.php unrestricted upload

A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeZips
Product-online_institute_management_systemOnline Institute Management Systemonline_institute_management_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-2148
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 29.51%
||
7 Day CHG~0.00%
Published-03 Mar, 2024 | 17:00
Updated-02 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Mobile Management Store Users.php unrestricted upload

A vulnerability classified as critical has been found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255501 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_mobile_store_management_systemOnline Mobile Management Storeonline_mobile_management_store
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10765
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 39.15%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 15:31
Updated-06 Nov, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codezips Online Institute Management System profile.php unrestricted upload

A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeZips
Product-online_institute_management_systemOnline Institute Management Systemonline_institute_management_system
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-10292
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.27%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:31
Updated-30 Oct, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZZCMS ChangeTable.php unrestricted upload

A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilename leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-zzcmsn/azzcms
Product-zzcmsZZCMSzzcms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10420
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.33%
||
7 Day CHG+0.04%
Published-27 Oct, 2024 | 15:31
Updated-29 Oct, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Attendance and Payroll System update.php upload unrestricted upload

A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 1.0. This affects the function upload of the file /marimar/guest/update.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-nurhodelta17SourceCodester
Product-attendance_and_payroll_systemAttendance and Payroll System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10410
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-2.64% / 85.14%
||
7 Day CHG+0.38%
Published-27 Oct, 2024 | 03:31
Updated-29 Oct, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Hotel Reservation System controller.php upload unrestricted upload

A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-janobeSourceCodester
Product-online_hotel_reservation_systemOnline Hotel Reservation Systemonline_hotel_reservation_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-1008
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.07% / 23.16%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 16:00
Updated-18 Oct, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Management System Profile Page edit-photo.php unrestricted upload

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Profile Page. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252277 was assigned to this vulnerability.

Action-Not Available
Vendor-razormistSourceCodester
Product-employee_management_systemEmployee Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0194
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 41.67%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 20:31
Updated-03 Jun, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro Internet Banking System Profile Picture pages_account.php unrestricted upload

A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249509 was assigned to this vulnerability.

Action-Not Available
Vendor-CodeAstro
Product-internet_banking_systemInternet Banking System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0185
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 00:00
Updated-14 Nov, 2024 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RRJ Nueva Ecija Engineer Online Portal Avatar dasboard_teacher.php unrestricted upload

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboard_teacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249443.

Action-Not Available
Vendor-niaRRJ
Product-rrj_nueva_ecija_engineer_online_portalNueva Ecija Engineer Online Portal
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-3129
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.09% / 26.15%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 19:50
Updated-15 Apr, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
codeprojects Online Driving School registration.php unrestricted upload

A vulnerability was found in codeprojects Online Driving School. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registration.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207872.

Action-Not Available
Vendor-online_driving_school_project_projectcodeprojectsSource Code & Projects
Product-online_driving_school_projectOnline Driving School
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0939
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-87.72% / 99.43%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 18:31
Updated-29 May, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Byzoro Smart S210 Management Platform uploadfile.php unrestricted upload

A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-byzoroByzoro
Product-smart_s210smart_s210_firmwareSmart S210 Management Platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-4926
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 16.81%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 09:31
Updated-19 May, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Car Rental Project post-avehical.php unrestricted upload

A vulnerability was found in PHPGurukul Car Rental Project 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/post-avehical.php. The manipulation of the argument img1/img2/img3/img4/img5 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Car Rental Project
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0468
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.59%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 20:31
Updated-27 Aug, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Fighting Cock Information System new-father.php unrestricted upload

A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/new-father.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250573 was assigned to this vulnerability.

Action-Not Available
Vendor-Source Code & Projects
Product-fighting_cock_information_systemFighting Cock Information System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10161
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 49.74%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 00:31
Updated-21 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Boat Booking System Update Boat Image Page change-image.php unrestricted upload

A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-boat_booking_systemBoat Booking Systemboat_booking_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0783
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-2.53% / 84.85%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 17:31
Updated-30 May, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Project Worlds Online Admission System documents.php unrestricted upload

A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699.

Action-Not Available
Vendor-online_admission_system_projectProjectworlds
Product-online_admission_systemOnline Admission System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0415
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.17% / 38.48%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 17:31
Updated-26 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DeShang DSMall Image URL TaobaoExport.php access control

A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250435.

Action-Not Available
Vendor-csdeshangDeShang
Product-dsmallDSMall
CWE ID-CWE-284
Improper Access Control
CVE-2024-0192
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.16% / 37.38%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 20:00
Updated-17 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RRJ Nueva Ecija Engineer Online Portal Add Downloadable downloadable.php unrestricted upload

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability.

Action-Not Available
Vendor-niaRRJ
Product-rrj_nueva_ecija_engineer_online_portalNueva Ecija Engineer Online Portal
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-0933
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.59%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 17:00
Updated-29 May, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Niushop B2B2C Upload.php unrestricted upload

A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-niushopNiushop
Product-b2b2c_multi-businessB2B2C
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-6850
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.23% / 45.35%
||
7 Day CHG~0.00%
Published-16 Dec, 2023 | 08:31
Updated-07 Oct, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
kalcaddle KodExplorer API Endpoint unrestricted upload

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is identified as 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. VDB-248218 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-kodcloudkalcaddle
Product-kodexplorerKodExplorer
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-7212
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 13.68%
||
7 Day CHG+0.01%
Published-07 Jan, 2024 | 16:31
Updated-03 Jun, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DeDeCMS Backend file_class.php unrestricted upload

A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249768. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDeDeCMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-6887
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.59%
||
7 Day CHG~0.00%
Published-17 Dec, 2023 | 00:31
Updated-27 Aug, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
saysky ForestBlog Image Upload img unrestricted upload

A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248247.

Action-Not Available
Vendor-forestblog_projectsaysky
Product-forestblogForestBlog
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-1918
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.02% / 4.61%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 13:00
Updated-17 Dec, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Byzoro Smart S42 Management Platform userattestation.php unrestricted upload

A vulnerability has been found in Byzoro Smart S42 Management Platform up to 20240219 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument hidwel leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254839. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-byzoroByzoro
Product-smart_s42_management_platformSmart S42 Management Platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-6574
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 19:31
Updated-02 Aug, 2024 | 08:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Byzoro Smart S20 HTTP POST Request updateos.php unrestricted upload

A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php of the component HTTP POST Request Handler. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-byzoroByzoro
Product-smart_s20_firmwaresmart_s20Smart S20
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-2059
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 16.56%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 11:31
Updated-10 Dec, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Petrol Pump Management Software service_crud.php unrestricted upload

A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_crud.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-255374 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-petrol_pump_managementPetrol Pump Management Softwarepetrol_pump_management
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-7036
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.18% / 39.59%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 16:00
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
automad Content Type FileCollectionController.php upload unrestricted upload

A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-automadn/a
Product-automadautomad
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7150
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.13% / 33.18%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 04:00
Updated-20 Nov, 2024 | 21:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Chic Beauty Salon Product product-list.php unrestricted upload

A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability.

Action-Not Available
Vendor-CampCodes
Product-chic_beauty_salonChic Beauty Salon
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-6576
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 3.79%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 20:31
Updated-02 Aug, 2024 | 08:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Byzoro S210 HTTP POST Request uploadfile.php unrestricted upload

A vulnerability was found in Byzoro S210 up to 20231123. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php of the component HTTP POST Request Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-byzoroByzoro
Product-smart_s210smart_s210_firmwareS210
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-6794
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.50%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 18:16
Updated-02 Aug, 2024 | 08:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: File Upload Vulnerability in the Web Interface

An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osCloud NGFWPAN-OSPrisma Access
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-7091
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.27% / 50.11%
||
7 Day CHG~0.00%
Published-24 Dec, 2023 | 21:00
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dreamer CMS uploadFile unrestricted upload

A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-iteachyouDreamer
Product-dreamer_cmsCMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-7159
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.20%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 07:00
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
gopeak MasterLab User.php update unrestricted upload

A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249181 was assigned to this vulnerability.

Action-Not Available
Vendor-masterlabgopeak
Product-masterlabMasterLab
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-6274
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 8.29%
||
7 Day CHG~0.00%
Published-24 Nov, 2023 | 14:00
Updated-02 Aug, 2024 | 08:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Byzoro Smart S80 PHP File updatelib.php unrestricted upload

A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-byzoroByzoro
Product-smart_s80_firmwaresmart_s80Smart S80
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-5491
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.09% / 25.94%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 15:00
Updated-16 Jun, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform updatelib.php unrestricted upload

A vulnerability, which was classified as critical, has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This issue affects some unknown processing of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241643. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-byzoroByzoro
Product-smart_s45fsmart_s45f_firmwareSmart S45F Multi-Service Secure Gateway Intelligent Management Platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-5488
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 8.28%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 14:00
Updated-02 Aug, 2024 | 07:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform updatelib.php unrestricted upload

A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241640. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-byzoroByzoro
Product-smart_s45fsmart_s45f_firmwareSmart S45F Multi-Service Secure Gateway Intelligent Management Platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-5812
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.06% / 19.38%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 01:31
Updated-02 Aug, 2024 | 08:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
flusity CMS upload.php handleFileUpload unrestricted upload

A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-243643.

Action-Not Available
Vendor-flusityflusity
Product-flusityCMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-5790
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 24.00%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 16:00
Updated-17 Sep, 2024 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester File Manager App add-file.php unrestricted upload

A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595.

Action-Not Available
Vendor-remyandradeSourceCodester
Product-file_manager_appFile Manager App
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-5829
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 24.00%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 20:00
Updated-02 Aug, 2024 | 08:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Admission Management System student_avatar.php unrestricted upload

A vulnerability was found in code-projects Admission Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file student_avatar.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243728.

Action-Not Available
Vendor-admission_management_system_projectadmission_management_system_projectSource Code & Projects
Product-admission_management_systemAdmission Management Systemadmission_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-5493
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.64% / 69.56%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 16:00
Updated-02 Aug, 2024 | 07:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform web.php unrestricted upload

A vulnerability has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241645 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-byzoroByzoro
Product-smart_s45fsmart_s45f_firmwareSmart S45F Multi-Service Secure Gateway Intelligent Management Platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-5795
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 24.00%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 17:31
Updated-09 Sep, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro POS System Profile Picture profil unrestricted upload

A vulnerability was found in CodeAstro POS System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profil of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243601 was assigned to this vulnerability.

Action-Not Available
Vendor-martmbithiCodeAstro
Product-pos_systemPOS System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-5490
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.64% / 69.56%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 15:00
Updated-02 Aug, 2024 | 07:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform userattestation.php unrestricted upload

A vulnerability classified as critical was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This vulnerability affects unknown code of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-241642 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-byzoroByzoro
Product-smart_s45fsmart_s45f_firmwareSmart S45F Multi-Service Secure Gateway Intelligent Management Platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-5796
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.59%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 17:31
Updated-09 Sep, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro POS System Logo setting unrestricted upload

A vulnerability was found in CodeAstro POS System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /setting of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243602 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-martmbithiCodeAstro
Product-pos_systemPOS System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 11
  • 12
  • Next
Details not found