Vulnerabilities (CVE)

Filtered by CWE-434
Total 1160 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-20735 1 8cms 1 Ljcms 2024-12-10 N/A 9.8 CRITICAL
File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter.
CVE-2020-20718 1 Pluck-cms 1 Pluckcms 2024-12-10 N/A 9.8 CRITICAL
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the save_file() parameter.
CVE-2020-21174 1 Feehi 1 Feehicms 2024-12-10 N/A 9.8 CRITICAL
File Upload vulnerability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.
CVE-2020-21474 1 Nucleuscms 1 Nucleuscms 2024-12-10 N/A 9.8 CRITICAL
File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter.
CVE-2020-21489 1 Feehi 1 Feehicms 2024-12-09 N/A 9.8 CRITICAL
File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component.
CVE-2024-53822 2024-12-09 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3.
CVE-2024-51548 2024-12-05 N/A 9.9 CRITICAL
Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CVE-2024-51366 2024-12-04 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file.
CVE-2024-52476 2024-12-02 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in stefanbohacek Fediverse Embeds allows Upload a Web Shell to a Web Server. This issue affects Fediverse Embeds: from n/a through 1.5.3.
CVE-2024-11979 2024-11-29 N/A 9.8 CRITICAL
DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CVE-2024-52490 2024-11-28 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Pathomation allows Upload a Web Shell to a Web Server. This issue affects Pathomation: from n/a through 2.5.1.
CVE-2024-11082 2024-11-28 N/A 9.9 CRITICAL
The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-9942 1 Mojoomla 1 Wordpress Gym Management System 2024-11-26 N/A 9.8 CRITICAL
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2020-22151 1 Thedaylightstudio 1 Fuel Cms 2024-11-25 N/A 9.8 CRITICAL
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.
CVE-2021-24171 1 Vanquish 1 Woocommerce Upload Files 2024-11-25 7.5 HIGH 9.8 CRITICAL
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter.
CVE-2024-6220 1 Keydatas 1 Keydatas 2024-11-21 N/A 9.8 CRITICAL
The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-5827 2024-11-21 N/A 9.8 CRITICAL
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents `<?php system($_GET[0]); ?>`. This can lead to command execution or the creation of backdoors.
CVE-2024-49314 2024-11-21 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in 酱茄 JiangQie Free Mini Program allows Upload a Web Shell to a Web Server. This issue affects JiangQie Free Mini Program: from n/a through 2.5.2.
CVE-2024-3912 2024-11-21 N/A 9.8 CRITICAL
Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.
CVE-2024-38736 2024-11-21 N/A 9.1 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection. This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13.