The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking.
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication.
Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through 2.1.4.2.
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE
Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php
Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code.
Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly.
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds.
Arbitrary file upload vulnerability in php uploader
An arbitrary file upload vulnerability in Zhongcheng Kexin Ticketing Management Platform 20.04 allows attackers to execute arbitrary code via uploading a crafted file.
The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)
ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1.
The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ced_rnx_order_exchange_attach_files' function in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.
An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.
File upload vulnerability in Pro Gamma Instant Developer RD3 22.5 r23, r30, and possibly earlier versions, allows attackers to execute arbitrary code.
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.
jizhiCMS 2.5 suffers from a File upload vulnerability.
The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file.
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.
The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RCE on the backend server, since the upload location is accessible from the internet. This vulnerability is fixed in 3.16.
The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.
File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint.
The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE
An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file.
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6.
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=save_music. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258001 was assigned to this vulnerability.
A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload.
** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.
In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload.
The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability.
OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.
Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file.
An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature.
A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files
72crm 9.0 has an Arbitrary file upload vulnerability.
File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint.
The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVF_Form_Fields_Upload class in all versions up to, and including, 3.0.9.4. This makes it possible for unauthenticated attackers to upload, read, and delete arbitrary files on the affected site's server which may make remote code execution, sensitive information disclosure, or a site takeover possible.
A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument file_img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability.