Total
1156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31090 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2025-02-05 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.60. | |||||
| CVE-2023-33930 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2025-02-05 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.66. | |||||
| CVE-2023-29721 | 1 Sofawiki Project | 1 Sofawiki | 2025-01-31 | N/A | 9.8 CRITICAL |
| SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution. | |||||
| CVE-2023-29631 | 1 Joommasters | 1 Jms Slider | 2025-01-31 | N/A | 9.8 CRITICAL |
| PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php. | |||||
| CVE-2023-28409 | 1 Mw Wp Form Project | 1 Mw Wp Form | 2025-01-31 | N/A | 9.8 CRITICAL |
| Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. | |||||
| CVE-2023-27397 | 1 Microengine | 1 Mailform | 2025-01-31 | N/A | 9.8 CRITICAL |
| Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. | |||||
| CVE-2023-29268 | 1 Tibco | 1 Spotfire Statistics Services | 2025-01-30 | N/A | 9.8 CRITICAL |
| The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0. | |||||
| CVE-2024-13448 | 1 Themerex | 1 Addons | 2025-01-30 | N/A | 9.8 CRITICAL |
| The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2023-29635 | 1 Antabot White-jotter Project | 1 Antabot White-jotter | 2025-01-30 | N/A | 9.8 CRITICAL |
| File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload. | |||||
| CVE-2023-30185 | 1 Crmeb | 1 Crmeb | 2025-01-29 | N/A | 9.8 CRITICAL |
| CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php. | |||||
| CVE-2023-30264 | 1 Cltphp | 1 Cltphp | 2025-01-29 | N/A | 9.8 CRITICAL |
| CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. | |||||
| CVE-2023-30090 | 1 Sem-cms | 1 Semcms | 2025-01-29 | N/A | 9.8 CRITICAL |
| Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2023-30122 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-01-29 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2023-48777 | 1 Elementor | 1 Website Builder | 2025-01-28 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1. | |||||
| CVE-2023-31689 | 1 Wcms | 1 Wcms | 2025-01-28 | N/A | 9.8 CRITICAL |
| In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution. | |||||
| CVE-2023-31903 | 1 Freeguppy | 1 Guppy | 2025-01-27 | N/A | 9.8 CRITICAL |
| GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file. | |||||
| CVE-2022-4774 | 1 Bitapps | 1 Bit Form | 2025-01-24 | N/A | 9.8 CRITICAL |
| The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution. | |||||
| CVE-2023-30247 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2025-01-24 | N/A | 9.8 CRITICAL |
| File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. | |||||
| CVE-2024-13091 | 1 Wpbot | 1 Wpot | 2025-01-24 | N/A | 9.8 CRITICAL |
| The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit requires thee ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin. | |||||
| CVE-2023-30333 | 1 Perfree | 1 Perfreeblog | 2025-01-23 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file. | |||||